cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

TLS 1.2 upgrade requirements and configurations

Former Member

on ‎07-26-2017 10:31 AM

Scenario: NW AS JAVA 7.31 using TLS 1.0 which needs to be upgraded to use TLS 1.2. Web Dispatcher version 7.20.0 is installed. Common cryptolib version is 8.4.16. JAVA Portal accepts both inbound as well as outbound connections. It is connected to ECC system in backend.

Requirement: Upgrade existing TLS 1.0 to TLS 1.2.

Findings: We have referred to SAP Notes: 510007, 2284059, 2417205, 2110020, 2439769 and other SCN threads related to TLS 1.2 upgrade, but couldn't find satisfactory answers.

Steps we are going to take as pre-requisite to upgrade are:

1. Upgrading to Common Cryptolib version to 8.5.5.

2. Setting below parameters:

ssl/ciphersuites = 774:PFS:HIGH:MEDIUM

ssl/client_ciphersuites = 768:PFS:HIGH:MEDIUM

3. Current NW version is 7.31 SP 07(SERVERCORE component is having value 1000.7.31.7.15.2013...). As per SAP Note 2284059, there are no patches available for SP07 (SP08 to SP19 are available). So either upgrade to NW 7.31 SP20 or 7.5 SP01.

4. If required upgrade SAP Web Dispatcher version from 7.20.0 to 7.49.

Questions:

1. Someone please let us know if the above mentioned approach is correct and if we are missing out on anything?

2. Where it is best suitable to set the above mentioned parameters? NW AS JAVA or Web Dispatcher?

3. As per SAP Note 2284059, for NW 7.31 SP20,there are no patches available. So does it mean that no patches are required if upgraded to SP20?

4. If parameters are set in Web Dispatcher profile, is it still important to upgrade NW AS JAVA?

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (2)

Answers (2)

khaleelbasha
Explorer
‎11-18-2020 12:32 PM
0 Kudos

Hi There,

My scenario is same as like yours.

Could you please post the solution which you tried to use your sap java portal to use TLS 1.2. I have the same issue i don't find any correct resolution. My scenario is same as like yours.

Regards,

Khaleel

Show replies
Show replies
former_member189220
Active Contributor
‎08-05-2017 1:04 PM
0 Kudos

1. I am not certain what do you mean. Yet, I would suggest you at least to install Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files .

2. Please revise this guide

https://help.sap.com/saphelp_nw73ehp1/helpdata/en/48/98e6a84be0062fe10000000a42189d/content.htm

It is up to you decision which scenario you will configure. Accordingly to your choice you will need to configure SAP Web Dispatcher, AS Java or both. I would suggest you to use either 3,4 or 5.

3. There are no patches for SPS 19 neither. Also no patches are required for SERVERCORE 7.31 SPS20. This SCA contains all the fixes of the previous SPS.

4. If SERVERCORE 7.31 SPS 19, the AS Java will support TLS 1.2

Show replies
Show replies
Former Member
‎08-07-2017 8:40 AM
0 Kudos

Thank you Milen for your response and clarification on NW 7.31 SPS20 point.

We want to upgrade our TLS protocol version from 1.0 to 1.2. So for this, we referred above mentioned SAP notes and tried to figure out a tentative plan for upgrade. Wanted to know if the above mentioned plan is good to go ahead with or we are missing out on something.

Please elaborate how would installing JCE Unlimited Strength Jurisdiction Policy files will help in this case?

former_member189220
Active Contributor
‎08-08-2017 11:14 AM
0 Kudos

"Installing JCE Unlimited Strength Jurisdiction Policy files" will make possible to run more cipher suits. The default suite is only available if Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files are installed. Hence, please make sure unlimited JCE is used by the JVM.

2284059 - Update of SSL library within NW Java server

This "step" you have not mentioned in the thread description. Otherwise I have commented on the rest.

Ask a Question