Skip to Content
avatar image
Former Member

TLS 1.2 upgrade requirements and configurations

Scenario: NW AS JAVA 7.31 using TLS 1.0 which needs to be upgraded to use TLS 1.2. Web Dispatcher version 7.20.0 is installed. Common cryptolib version is 8.4.16. JAVA Portal accepts both inbound as well as outbound connections. It is connected to ECC system in backend.

Requirement: Upgrade existing TLS 1.0 to TLS 1.2.

Findings: We have referred to SAP Notes: 510007, 2284059, 2417205, 2110020, 2439769 and other SCN threads related to TLS 1.2 upgrade, but couldn't find satisfactory answers.

Steps we are going to take as pre-requisite to upgrade are:

1. Upgrading to Common Cryptolib version to 8.5.5.

2. Setting below parameters:

ssl/ciphersuites = 774:PFS:HIGH:MEDIUM

ssl/client_ciphersuites = 768:PFS:HIGH:MEDIUM

3. Current NW version is 7.31 SP 07(SERVERCORE component is having value 1000.7.31.7.15.2013...). As per SAP Note 2284059, there are no patches available for SP07 (SP08 to SP19 are available). So either upgrade to NW 7.31 SP20 or 7.5 SP01.

4. If required upgrade SAP Web Dispatcher version from 7.20.0 to 7.49.

Questions:

1. Someone please let us know if the above mentioned approach is correct and if we are missing out on anything?

2. Where it is best suitable to set the above mentioned parameters? NW AS JAVA or Web Dispatcher?

3. As per SAP Note 2284059, for NW 7.31 SP20,there are no patches available. So does it mean that no patches are required if upgraded to SP20?

4. If parameters are set in Web Dispatcher profile, is it still important to upgrade NW AS JAVA?

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

1 Answer

  • Aug 05, 2017 at 12:04 PM

    1. I am not certain what do you mean. Yet, I would suggest you at least to install Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files .

    2. Please revise this guide

    https://help.sap.com/saphelp_nw73ehp1/helpdata/en/48/98e6a84be0062fe10000000a42189d/content.htm

    It is up to you decision which scenario you will configure. Accordingly to your choice you will need to configure SAP Web Dispatcher, AS Java or both. I would suggest you to use either 3,4 or 5.

    3. There are no patches for SPS 19 neither. Also no patches are required for SERVERCORE 7.31 SPS20. This SCA contains all the fixes of the previous SPS.

    4. If SERVERCORE 7.31 SPS 19, the AS Java will support TLS 1.2

    Add comment
    10|10000 characters needed characters exceeded