Skip to Content

As of SMP3 SP07 you can use SAP Web Dispatcher as a reverse proxy for SMP3. Depending on your landscape, this simplifies A LOT your architecture. And you can reuse your WD knowledge and gain support from SAP. Installing the WD is done as usual, with one caveat: you have to inform the commonlib which TLS to use:


ssl/ciphersuites = 896:HIGH
ssl/client_ciphersuites =896:HIGH

Without these parameters, WD will try to connect to SMP3 but won’t be able to connect, as the response send by SMP3 cannot be interpreted (protocol not understood). With the above configuration, WD can connect to SMP3 using TLS. While this may look strange, it actually is necessary as SMP3 uses some high TLS security.

To understand better what these two parameters do, take a look at the Commonlib + Web Dispatcher SAP Note: 510007


For more information like a sample WD profile, read on here.

To report this post you need to login first.

5 Comments

You must be Logged on to comment or reply to a post.

  1. Luke Chiew

    Hi Tobias,

    I’m attempting to set up my web dispatcher  (7.42) as a reverse proxy for my SMP 3.0 (SP08) instance that is running Agentry Service Manager. I have set the two parameters:

    • ssl/ciphersuites = 896:HIGH
    • ssl/client_ciphersuites = 896:HIGH

    However I am receiving errors in the dev_webdisp when I start the dispatcher:

    /wp-content/uploads/2015/09/dev_webdisp_784581.jpg

    The CommonCryptoLib  version is 8.4.23 pl40. Any idea why I am getting this error?

    Regards,

    Luke

    (0) 
    1. Tobias Hofmann Post author

      Luke,

      your protocol version is limited to TLSv1.0. Normally SMP3 uses TLSv1.2. Not sure if this is now because of WD or SMP3 …

      Can you access the SMP3 URL in a browser (without WD) and see which version of TLS is being used?

      (0) 
    2. Tobias Hofmann Post author

      Luke,

      try a connector setting like this:

      <Connector SSLEnabled=”true” ciphers=”TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA” clientAuth=”false” keyAlias=”tobias” maxThreads=”200″ port=”8081″ protocol=”com.sap.mobile.platform.coyote.http11.SapHttp11Protocol” scheme=”https” secure=”true” smpConnectorName=”oneWaySSL” sslEnabledProtocols=”TLSv1,TLSv1.1,TLSv1.2″ sslProtocol=”TLS”/>

      This should enable TLSv1, TLSv1.1 and TLSv1.2 on SMP3.

      (0) 
      1. Luke Chiew

        Hi Tobias,

        Yes the SMP URL is directly accessible bypassing the Web Dispatcher. The TLS version being used is TLS 1.2.

        /wp-content/uploads/2015/09/2015_09_10_8_19_49_786887.jpg

        I also patched the Web Dispatcher last week as well. The web dispatcher release is:

        relno = 7420

        patchlevel = 0

        patchno = 15

        Luke

        (0) 
  2. Luke Chiew

    Hi Tobias,

    Looks like I had an issue with my version of WD. I downloaded the 7.42 WD released on 09/09/2015 and upgraded
    .

    Now I am able to connect through to SMP successfully. Thanks for the guidance!

    Luke

    (0) 

Leave a Reply