Skip to Content

SAP Web Dispatcher as reverse proxy for SMP3

As of SMP3 SP07 you can use SAP Web Dispatcher as a reverse proxy for SMP3. Depending on your landscape, this simplifies A LOT your architecture. And you can reuse your WD knowledge and gain support from SAP. Installing the WD is done as usual, with one caveat: you have to inform the commonlib which TLS to use:

ssl/ciphersuites = 896:HIGH
ssl/client_ciphersuites =896:HIGH

Without these parameters, WD will try to connect to SMP3 but won’t be able to connect, as the response send by SMP3 cannot be interpreted (protocol not understood). With the above configuration, WD can connect to SMP3 using TLS. While this may look strange, it actually is necessary as SMP3 uses some high TLS security.

To understand better what these two parameters do, take a look at the Commonlib + Web Dispatcher SAP Note: 510007

For more information like a sample WD profile, read on here.

You must be Logged on to comment or reply to a post.
  • Hi Tobias,

    I’m attempting to set up my web dispatcher  (7.42) as a reverse proxy for my SMP 3.0 (SP08) instance that is running Agentry Service Manager. I have set the two parameters:

    • ssl/ciphersuites = 896:HIGH
    • ssl/client_ciphersuites = 896:HIGH

    However I am receiving errors in the dev_webdisp when I start the dispatcher:


    The CommonCryptoLib  version is 8.4.23 pl40. Any idea why I am getting this error?



    • Luke,

      your protocol version is limited to TLSv1.0. Normally SMP3 uses TLSv1.2. Not sure if this is now because of WD or SMP3 …

      Can you access the SMP3 URL in a browser (without WD) and see which version of TLS is being used?

    • Luke,

      try a connector setting like this:

      <Connector SSLEnabled=”true” ciphers=”TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA” clientAuth=”false” keyAlias=”tobias” maxThreads=”200″ port=”8081″ protocol=”” scheme=”https” secure=”true” smpConnectorName=”oneWaySSL” sslEnabledProtocols=”TLSv1,TLSv1.1,TLSv1.2″ sslProtocol=”TLS”/>

      This should enable TLSv1, TLSv1.1 and TLSv1.2 on SMP3.

      • Hi Tobias,

        Yes the SMP URL is directly accessible bypassing the Web Dispatcher. The TLS version being used is TLS 1.2.


        I also patched the Web Dispatcher last week as well. The web dispatcher release is:

        relno = 7420

        patchlevel = 0

        patchno = 15


  • Hi Tobias,

    Looks like I had an issue with my version of WD. I downloaded the 7.42 WD released on 09/09/2015 and upgraded

    Now I am able to connect through to SMP successfully. Thanks for the guidance!