Peter Todorov

How to Protect AS ABAP & AS Java Against BEAST Attacks

The BEAST attack on SSL/TLS has gained popularity in the last two years, and many administrators as well as security experts are confronted with implementing a reasonable mitigation for it.

There are plenty of sources on the Internet explaining what the BEAST attack is and how it can be used to eavesdrop on connections and hijack user sessions, so I will not spend any time on that.

In this blog I will explain how you can configure your SAP NetWeaver AS ABAP (all versions) or AS Java (7.10 and newer) system to protect it against BEAST. For older AS Java releases I will write a separate blog on how to harden the cipher suite configuration and protect against BEAST.

Prerequisites:

The prerequisite for implementing the BEAST mitigation is a correctly working SSL/TLS configuration on your application server. Make sure also that the most current SAPCRYPTOLIB version is installed and in use on your system.

For ABAP systems you can check the version in transaction STRUST. Choose Environment -> Display SSF Version. You will get a pop-up like this one:

[Screenshot: Display SSF Version pop-up showing the installed SAPCRYPTOLIB version (SAPCRYPTOLIB.png)]

For current Java application servers starting with release 7.10 you can check the ICM trace to verify that you are running the most current SAPCRYPTOLIB on the system. The ICM trace can be viewed in the SAP NetWeaver Administrator (/nwa) Log Viewer (/nwa/logs). In the Log Viewer choose View -> Open Expert View and select dev_icm from the Display Log File drop-down; the SAPCRYPTOLIB version is written to the trace when the ICM starts.

[Screenshot: NWA Log Viewer, Expert View, with dev_icm selected (Log_Viewer.png)]

Alternatively you can find that information on file system level under: <drive>\usr\sap\<sid>\<instance>\work\dev_icm

You can download the most current version on the following site:

https://service.sap.com/security

BEAST Considerations

Fixing BEAST on the server side comes down to choosing the cipher suites the server allows when establishing an SSL/TLS connection. The usual issue is that system owners have to balance the security and the usability of the service they offer. Application services often have to be accessible from browsers of any type, in different flavors and versions, so the service operator should consider the use case of the application and the type of clients that consume the service. Enforcing only highly secure cipher suites on the server side may result in connectivity issues on the client side, because clients may not support the ciphers the server allows.

A reasonable balance between security and usability can be achieved by prioritizing the ciphers. The server first tries to establish an SSL/TLS connection using ciphers which cannot be attacked by BEAST, and only if the client does not support any of these does the server fall back to the less secure, "BEAST attackable" ciphers. The server's preference decides the outcome: a client that offers both kinds ends up with the preferred cipher, while a client that offers only the weaker kind still connects.

BEAST targets only CBC-mode ciphers, and only under SSL 3.0 and TLS 1.0 (TLS 1.1 and later use an explicit IV per record, which closes the attack). A solution is therefore to prioritize the RC4 ciphers higher than the CBC ciphers. Keep in mind that RC4 has known weaknesses of its own and has since been prohibited for TLS (RFC 7465), so this ordering is a compatibility trade-off for clients limited to TLS 1.0, not a permanent end state.

BEAST Mitigation

SAPCRYPTOLIB offers altogether 11 cipher suites in different categories according to their strength: EXPORT, LOW, MEDIUM and HIGH. To eliminate the ciphers which are insecure, you should use only MEDIUM and HIGH ciphers. This leaves a set of two MEDIUM RC4 ciphers and three HIGH CBC ciphers.

To protect against BEAST, give the RC4 ciphers a higher priority than the CBC ciphers. The order of the categories in the ssl/ciphersuites parameter determines the server's preference order, so MEDIUM must be listed before HIGH.

Cipher configuration is best performed in the default profile of the application server. The profile file is by default located at:

<drive>\usr\sap\<sid>\SYS\profile\DEFAULT.PFL

Open the file and locate the configuration parameter ssl/ciphersuites. If it is not present, add it. Set the parameter as follows:

ssl/ciphersuites= MEDIUM:HIGH

[Screenshot: DEFAULT.PFL with ssl/ciphersuites = MEDIUM:HIGH (default_profile1_192577.png)]

Restart all ICM processes of your system and test the new configuration with one of the SSL/TLS scanners available on the Internet. Check two things: that the server selects an RC4 cipher when a client offers both RC4 and CBC ciphers, and that a client offering only CBC ciphers can still connect.
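The prioritization logic described above, as an added example that is not part of the original post and not SAP's code. It parses an ssl/ciphersuites value the way the text describes (category names in preference order), simulates server-preference negotiation against a few constructed client offers, and flags which clients would still end up on a BEAST-exposed CBC suite. The cipher suite names, the contents of each category and the sample profile are assumptions for illustration; the real SAPCRYPTOLIB table is not reproduced on this page.

```python
"""Added example (not SAP's code): expand an ssl/ciphersuites value into the
server's preference list and simulate which suite different clients end up with.
Suite names and category contents are assumptions, not the real SAPCRYPTOLIB table."""

# Assumed cipher-category table. The page says SAPCRYPTOLIB has 11 suites in the
# EXPORT/LOW/MEDIUM/HIGH categories with two MEDIUM RC4 and three HIGH CBC suites;
# the names and the order inside each category below are illustrative guesses.
CATEGORIES = {
    "EXPORT": ["TLS_RSA_EXPORT_WITH_RC4_40_MD5"],          # assumed
    "LOW": ["TLS_RSA_WITH_DES_CBC_SHA"],                    # assumed
    "MEDIUM": ["TLS_RSA_WITH_RC4_128_SHA", "TLS_RSA_WITH_RC4_128_MD5"],
    "HIGH": ["TLS_RSA_WITH_AES256_CBC_SHA",
             "TLS_RSA_WITH_AES128_CBC_SHA",
             "TLS_RSA_WITH_3DES_EDE_CBC_SHA"],
}
WEAK_CATEGORIES = {"EXPORT", "LOW"}

# Constructed client offers (ClientHello cipher lists), not captured from real browsers.
CLIENTS = {
    "browser_rc4_and_cbc": ["TLS_RSA_WITH_AES256_CBC_SHA", "TLS_RSA_WITH_AES128_CBC_SHA",
                            "TLS_RSA_WITH_RC4_128_SHA", "TLS_RSA_WITH_3DES_EDE_CBC_SHA"],
    "legacy_cbc_only": ["TLS_RSA_WITH_3DES_EDE_CBC_SHA", "TLS_RSA_WITH_AES128_CBC_SHA"],
    "rc4_only": ["TLS_RSA_WITH_RC4_128_MD5"],
}

# Constructed DEFAULT.PFL excerpt; not a real system's profile.
SAMPLE_PROFILE = """\
SAPSYSTEMNAME = ABC
# cipher configuration as recommended above
ssl/ciphersuites= MEDIUM:HIGH
icm/server_port_0 = PROT=HTTPS,PORT=443$$
"""


def parse_profile(text):
    """Parse 'key = value' profile lines into a dict; comments and blanks are skipped."""
    params = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")   # only the first '=' separates key and value
        params[key.strip()] = value.strip()
    return params


def expand_ciphersuites(spec):
    """Turn a colon-separated ssl/ciphersuites value into the server's ordered suite list.
    Category names expand to their suites; anything else is treated as an explicit suite."""
    suites = []
    for token in spec.split(":"):
        token = token.strip()
        for suite in CATEGORIES.get(token.upper(), [token] if token else []):
            if suite not in suites:
                suites.append(suite)
    return suites


def negotiate(server_prefs, client_offer):
    """Server-preference negotiation: the first server suite the client also offers, or None."""
    offered = set(client_offer)
    for suite in server_prefs:
        if suite in offered:
            return suite
    return None


def beast_exposed(suite, protocol):
    """BEAST needs a CBC suite together with SSL 3.0 or TLS 1.0; TLS 1.1+ uses explicit IVs."""
    return "_CBC_" in suite and protocol in ("SSL3.0", "TLS1.0")


def audit(profile_text, protocol="TLS1.0"):
    """Report on ssl/ciphersuites: weak categories, RC4-before-CBC ordering, per-client outcome."""
    params = parse_profile(profile_text)
    spec = params.get("ssl/ciphersuites", "")
    tokens = {t.strip().upper() for t in spec.split(":") if t.strip()}
    prefs = expand_ciphersuites(spec)
    first_rc4 = next((i for i, s in enumerate(prefs) if "_RC4_" in s), None)
    first_cbc = next((i for i, s in enumerate(prefs) if "_CBC_" in s), None)
    negotiated = {name: negotiate(prefs, offer) for name, offer in CLIENTS.items()}
    return {
        "parameter_present": "ssl/ciphersuites" in params,
        "weak_categories": sorted(WEAK_CATEGORIES & tokens),
        "rc4_before_cbc": first_rc4 is not None and (first_cbc is None or first_rc4 < first_cbc),
        "negotiated": negotiated,
        "beast_exposed_clients": [n for n, s in negotiated.items() if s and beast_exposed(s, protocol)],
    }


if __name__ == "__main__":
    for spec in ("MEDIUM:HIGH", "HIGH:MEDIUM", "MEDIUM:HIGH:LOW:EXPORT"):
        print(spec, audit(SAMPLE_PROFILE.replace("MEDIUM:HIGH", spec, 1)))
```

Running it shows the trade-off the text describes: with MEDIUM:HIGH the client that offers both kinds negotiates RC4, the CBC-only legacy client still connects (and remains BEAST-exposed under TLS 1.0), and reversing the order to HIGH:MEDIUM puts every CBC-capable client on a CBC suite. Under TLS 1.1 or later none of the outcomes is flagged, which is why the ordering matters only for TLS 1.0 clients.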

      8 Comments
      Andy Silvey

      Hi Peter,

      nice blog, I look forward to the next one for lower releases.

      All the best,

      Andy.

      Peter Todorov
      Blog Post Author

      Thanks!

      I am already working on it... it will though probably take some time as there are maaany many ciphers available in the Dispatcher instance of older releases.

      I will keep you posted 😉 !

      Cheers,

      Peter

      Andy Silvey

      cool thanks,

      Andy.

      Peter Todorov
      Blog Post Author

      Hey Andy,

      the blog for SSL/TLS hardening on AS Java 7.0x and 6.40 is out!

      Cheers,

      Peter

      Former Member

      Nice blog... Eagerly waiting for the configuration for lower releases.

      Former Member

      Nice blog! I have one question regarding use of TLS in ICM - how do I put the parameters?

      ssl/ciphersuites                        MEDIUM:HIGH:LOW:EXPORT
      icm/ssl_config_1                        CRED=SAPSSLS.pse,CIPHERS=TLS_RSA_WITH_AES256_CBC_SHA
      icm/server_port_2                       PROT=HTTPS,PORT=443$$,SSLCONFIG=ssl_config_1

      Is this correct or do I have to create a new TLS certificate beforehand?

      Peter Todorov
      Blog Post Author

      Hi Daniel,

      the certificate is irrelevant to the configurations above, but you need it. In the ciphersuites I would deactivate the LOW and EXPORT ciphers. Additionally, in light of the new SSL 3.0 issues, you could think of leaving only TLS ciphers on.

      HTH!

      Former Member

      Great blog!