- SAP Community
- Products and Technology
- Technology
- Technology Blogs by Members
- CommonCryptoLib: TLS protocol versions and cipher ...
Technology Blogs by Members
Explore a vibrant mix of technical expertise, industry insights, and tech buzz in member blogs covering SAP products, technology, and events. Get in the mix!
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
JoeGoerlich
Active Contributor
Options
- Subscribe to RSS Feed
- Mark as New
- Mark as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
05-03-2021
10:32 PM
Many years ago SAP deprecated the SAPCRYPTOLIB and introduced the CommonCryptoLib (CCL) as its successor. The CCL is not only a replacement for its predecessor but also for OpenSSL, which was used for example by SAP HANA in its early days (and up to SAP HANA 2.0 SPS01 for LDAP).
In the meantime the CCL is available in its latest version 8.5.x and is used by many SAP components. Some examples are:
All of these components have one thing in common: They make use of one or more communication protocols (e.g., HTTP, P4, IIOP, JDBC, LDAP) which nowadays should be secured using TLS (Transport Layer Security).
Please also read the other blogposts of this series:
CommonCryptoLib: TLS protocol versions and cipher suites
CommonCryptoLib: SNC protocol versions and cipher suites
CommonCryptoLib: Manage PSE files and SSO Credentials (cred_v2)
CommonCryptoLib: Certificate Revocation List validation
2022-09-16: Added info about changes to TLS_FALLBACK_SCSV.
Since the main browser vendors decided to no longer support some TLS versions, every admin dealing with web applications had to learn at least in the recent months about the different TLS versions out there.
Some of the TLS versions are existing for more than 20 years and can be considered as weak. For example TLS 1.0 and TLS 1.1 have finally been flagged as deprecated by IETF (see rfc8996, which took them btw more than two and a half years (see https://datatracker.ietf.org/doc/rfc8996/history/).
And others are the new kids on the block like TLS 1.3 and ETS (formerly known as eTLS). They are so "fresh" that they aren't supported in all products, yet.
Today, the version which can be considered as widely supported is TLS 1.2.
Cipher suites define a set of algorithms that usually contain a key exchange algorithm, a Signature, a bulk encryption algorithm, and a message authentication code (MAC) algorithm.
Not every cipher suites can be combined with every TLS protocol version.
And to cause even more confusion there are different notations on cipher suites: IANA naming vs. OpenSSL naming.
SapSSL is the high-level protocol handler of the SAP Kernel and its components. Whenever cryptography for TLS is needed SapSSL addresses a cryptographic library.
The to-be-used library is configured by the profile parameter
The CCL has a built-in default configuration which serves maximum compatibility but offers very weak security and therefore should no longer be used nowadays. To overwrite this default configuration most components read profile parameters and pass them through SapSSL to the CCL.
As some components do not read from profile parameters the CCL reads also from environment variables as a fallback. This allows a secure custom configuration to be used by these components.
SAP HANA (Database (incl. XS Classic) and XSA) integrate the CCL by other means. The CCLs' configuration is stored in the configuration .ini files.
Some components act only as clients (for example sapcontrol), some act only as server (for example sapstartsrv) and some act as both (for example the ICM of SAP NW AS ABAP).
Some components do not or at least partially not relay on the combination of SapSSL + CCL. Instead they use the Java IAIK-JCE or the JSSE, the Windows stack or any other products' own TLS stack. For example for the TLS handshake for incoming connections to the ICM of SAP NW AS Java the CCL is used, while SAP NW AS Java uses for outgoing connections the IAIK.
That means there are also other places where to configure TLS and cipher suites, besides the one described in this blogpost. SAP note 2384243 is a good read for that.
During the TLS handshake the server and the client are negotiating the to be used TLS protocol version and the to be used cipher suites. Each side typically support more than one cipher suite to offer higher compatibility. Each party asks for acknowledgement on the TLS version and the cipher suites in a given order until they come to an agreement. If no matching TLS version or cipher suite could be negotiated the handshake will fail.
The CCL can be downloaded directly and the lib simply can be exchanged.
For SAP ABAP or Java systems it is also part of the SAP Kernel (Stack Kernel or DW_UTILS*.SAR).
For SAP HANA it comes with the Revision update. For SAP HANA an update of the CCL with a directly obtained library is not recommended nor supported.
SAP supports the current and one maintained version.
As you may know there are the following profile parameters which allow to globally configure the available TLS protocol versions and cipher suites as well as the elliptic curves:
When acting as server:
When acting as client:
The corresponding environment variables, used by components which are not reading from profiles, are:
When acting as server:
When acting as client:
For all of them the value has to be in the following format:
To cover SAP Instance Agent, SAP NW AS ABAP, SAP NW AS Java and SAP Web Dispatcher we should add those profile parameters to the DEFAULT.PFL. This is also valid for SAP HANA, since it brings an Instance Agent with it which reads from the DEFAULT.PFL.
For the <sapsid>adm we also have to set those environment variables.
In addition to that we have to set the environment variable
In SAP HANA Database (incl. XS Classic) and SAP HANA XSA search for the properties
To cover SAP Host Agent we should add those profile parameters to the host_profile.
Since the sapadm is typically a non-login user without a shell we have to set those environment variables through the host_profile by adding
For other components like SAP JCo or SAP NCo we have to set those environment variables.
In some environments we may need to connect Barcode scanners, HMIs and alike which do not yet support the latest crypto. This is not uncommon since vendors have to support these devices for a very long lifetime or simply did not pay attention to security when the device have been thrown onto the market years ago.
For this the ICM of SAP NW AS as well as the SAP Web Dispatcher allow to define a specific configuration for individual ports differing from the global configuration using the sub-parameter
To do so we may want to configure a separate port offering an outdated TLS version and weaker cipher suites. For sure we have to implement additional measures like implementing a local firewall or an ACL to restrict access to this port to the necessary devices only.
An additional approach could be to use the SAP Web Dispatcher as communication middle-ware and place it next to these legacy devices in the factory. On the SAP Web Dispatcher we can then use TLS re-encryption to use state of the art TLS protocol versions and strong cipher suites for the communication between the SAP Web Dispatcher and the backend.
Remember it is not that easy do identify all components and command-line tools on our SAP system which relay on the CCL, as you may have already noticed by reading the list of components in the intro. So using a specific per port configuration allows us to explicitly support legacy devices while not weaken the security of all our other connections. Keep in mind, the warnings given in SAP note 2384290 are not neglectable.
During the last years various different recommendations have been made. Some of them with compatibility and others with a tradeoff of compatibility and security in mind. But still there is a lot of considerable confusion.
From my point of view this is often due to lack of knowledge about the configuration itself but also due to lack of knowledge about the whole topic. In many cases misleading or missing documentation plays also a role.
Now let's go into details about the protocols, cipher suites and elliptic curves to bring light into the dark, at least for the configuration part.
Protocols and features supported by the CommonCryptoLib can be configured using a bit-mask (and keywords).
The bit-mask is described in SAP note 510007, chapter 7.
To enable explicitly TLS 1.2 the bit-mask would be:
To enable TLS 1.2 and the highest protocol version which is going to be added in future (assuming TLS 1.3 would be rated higher then ETS formerly known as eTLS) a future proof (but some uncertainty adding) bit-mask would be:
Other options like BC (no longer supported by TLS 1.2 and above) or "NO_GAP" (may lead to falsely enable protocol versions) should not be enabled by the bit-mask.
To add a protocol downgrade prevention mechanism on server side the keyword
With these considerations we end up with the sub-string
The CommonCryptoLib assigns sets of cipher suites to groups. The available groups can be displayed using sapgenpse by issuing the command
The smallest group consists of a single bulk encryption algorithm and its mode + a certain key length (e.g., "eAES256_GCM"). The next larger consist of a single bulk encryption algorithm and its mode + all key lengths (e.g., "eAES256"). There are also groups combining a single algorithm and all its modes + all key lengths (e.g., "eAES").
Or groups that contain even more than one algorithms and key lengths which i call "classes".
These classes are defined by SAP. At time of writing the following classes exist:
"DEFAULT": Default cipher suites (HIGH:PFS:!aNULL:!eNULL)
"ALL": All supported cipher suites
"PFS": Perfect forward secrecy: key agreement with ephemeral keys
"HIGH": High security cipher suites (except PFS)
"MEDIUM": Medium security cipher suites
"LOW": (no longer used)
As these classes are defined by SAP they do not underlay a common understanding. From time to time SAP makes adjustments to these classes and communicate this via SAP note 2004653 (it is worth to subscribe to this note to keep track about changes). Almost all recommendations out there relay on these classes. Nevertheless, they do not provide control about the supported cipher suites to a full extent as it is desired in a high security area.
Furthermore, it also may be more complex to start with such a predefined class and strip it down to our needs than adding just the algorithms we want to support. Not knowing what happens after SAP made adjustments to the classes.
A good starting point could be to add cipher suites based on a well chosen bulk encryption algorithm and strip the resulting list down to the desired cipher suites by excluding certain key exchange algorithms or hash algorithms.
EDIT: In CommonCryptoLib 8.5.42 the group assignment and supported cipher suites has changed. The cipher suites class MEDIUM is now *empty*, see SAP note 3128664.
In this example we may want to adjust the global cipher suites settings to support a list of cipher suites based on cryptography recommended also in the latest publications from NIST, ECRYPT and the BSI for future use.
Therefore we enable only cipher suites based on AES-GCM with a key length of 128-bits at minimum, but preferring 256-bit key length, and exclude all cipher suites based on RSA key exchange as well as exclude MACs using SHA with less than 256-bit.
To achieve this we use the sub-string
We can verify the resulting list of supported cipher suites using the following command:
The output contains these ciphers:
As the result list does already not contain any MACs using SHA1 the sub-string
The result list also presents the list of cipher suites in the order offered used for negotiation during the handshake. With
After adjusting the global cipher suites we may need to determine the cipher suites needed for compatibility reasons.
For the ICM of SAP NetWeaver AS or SAP Web Dispatcher we add them only for the relevant port by adjusting the cipher suites for a dedicated, additional
If a legacy configuration has to be done for other components relaying on the CCL and acting as a server which is very rare, it may be inevitable to adjust the global configuration effecting all communications.
To determine which cipher suites need to be supported we may collect TLS traces or take a look at the documentation of the client. Then we can extend the sub-string in order to offer matching cipher suites.
For example we may need to add the bulk encryption algorithm ARIA-GCM and allow RSA for key exchange resulting in the substring
Again we can verify the resulting list of supported cipher suites using the following command:
The output now contains the these ciphers:
Similar to cipher suites the CommonCryptoLib assigns sets of elliptic curves to "classes". These classes are defined by SAP.
At time of writing the following classes exist:
"EC_DEFAULT" (=EC_HIGH:EC_MEDIUM),
"EC_ALL" : All supported elliptic curves
"EC_HIGH" : High security elliptic curves
"EC_MEDIUM" : Medium security elliptic curves
"EC_LOW" : Low security elliptic curves
"EC_NIST" : NIST standardized elliptic curves, recommended in Suite B
"EC_IETF".
And again these classes are defined by SAP and do not underlay a common understanding (maybe except the EC_NIST one). From time to time SAP makes adjustments to these classes (see for example SAP Note 2415828). Almost all recommendations out there relay on these classes. Nevertheless, they do not provide control about the supported elliptic curves to a full extent as it may be desired.
Therefore we can also add elliptic curves providing strong security explicitly by listing them in the sub-string:
There is also a switch available which enables the performance optimization of elliptic curves. So we may want to add that as well:
This considerations will result in the sub-string
So far we dealt mostly with the settings for the CCL configuration when acting as a server. The configuration when acting as client is slightly different.
When acting as HTTP client the option "Allow blind sending of a client certificate" should be enabled if a server sends an empty list of certificate authorities. If not enabled this would lead for the client to not being able to choose an acceptable client certificate.
Another noticeable difference is the
Sapgenpse offers also the possibility to verify the CCLs' configuration when acting as client, by adding the switch "-c", for example:
With this we may compare the supported TLS protocols and cipher suites offered by the server with the list of supported cipher suites according to our custom client-side configuration. The supported TLS protocols and cipher suites offered by the server can be determined for example using the command-line tool sslscan or OpenSSL or a trace from the handshake.
Having talked about all sub-strings and how to determine their values we now are able to craft the values for our global configuration parameters:
In the meantime the CCL is available in its latest version 8.5.x and is used by many SAP components. Some examples are:
- SAP Host Agent,
- SAP Instance Agent,
- SAP NetWeaver AS ABAP,
- SAP NetWeaver AS Java,
- SAP HANA,
- SAP Web Dispatcher,
- various Kernel Tools (saphttp, sldreg, sapkprotp, sapcontrol, saphostcontrol, etc.)
- SAP Java Connector (SAP JCo)
- SAP Connector for Microsoft .NET 3.0 (SAP NCo)
All of these components have one thing in common: They make use of one or more communication protocols (e.g., HTTP, P4, IIOP, JDBC, LDAP) which nowadays should be secured using TLS (Transport Layer Security).
Please also read the other blogposts of this series:
CommonCryptoLib: TLS protocol versions and cipher suites
CommonCryptoLib: SNC protocol versions and cipher suites
CommonCryptoLib: Manage PSE files and SSO Credentials (cred_v2)
CommonCryptoLib: Certificate Revocation List validation
Updates:
2022-09-16: Added info about changes to TLS_FALLBACK_SCSV.
2022-03-21: Added info about changes to cipher suites and group assignment.
2022-02-25: Updated recommendation regarding "Allow blind sending of a client certificate".
2021-11-05: Linked other blogposts of this series. Added section on how to update the CCL.
Protocol versions
Since the main browser vendors decided to no longer support some TLS versions, every admin dealing with web applications had to learn at least in the recent months about the different TLS versions out there.
Some of the TLS versions are existing for more than 20 years and can be considered as weak. For example TLS 1.0 and TLS 1.1 have finally been flagged as deprecated by IETF (see rfc8996, which took them btw more than two and a half years (see https://datatracker.ietf.org/doc/rfc8996/history/).
And others are the new kids on the block like TLS 1.3 and ETS (formerly known as eTLS). They are so "fresh" that they aren't supported in all products, yet.
Please note: As of SAP notes 2765639 in AS ABAP, SAP note 2834475 in AS Java and SAP note 2939945 in SAP BusinessObjects BI Platform 4.x TLS 1.3 is currently not supported.
Today, the version which can be considered as widely supported is TLS 1.2.
Cipher suites
Cipher suites define a set of algorithms that usually contain a key exchange algorithm, a Signature, a bulk encryption algorithm, and a message authentication code (MAC) algorithm.
Not every cipher suites can be combined with every TLS protocol version.
And to cause even more confusion there are different notations on cipher suites: IANA naming vs. OpenSSL naming.
Please note: A comprehensive overview about all available cipher suites, TLS version support and a security classification can be found at https://ciphersuite.info/cs/.
Technical background on the CCL integration
SapSSL is the high-level protocol handler of the SAP Kernel and its components. Whenever cryptography for TLS is needed SapSSL addresses a cryptographic library.
The to-be-used library is configured by the profile parameter
ssl/ssl_lib.The CCL has a built-in default configuration which serves maximum compatibility but offers very weak security and therefore should no longer be used nowadays. To overwrite this default configuration most components read profile parameters and pass them through SapSSL to the CCL.
As some components do not read from profile parameters the CCL reads also from environment variables as a fallback. This allows a secure custom configuration to be used by these components.
SAP HANA (Database (incl. XS Classic) and XSA) integrate the CCL by other means. The CCLs' configuration is stored in the configuration .ini files.
Some components act only as clients (for example sapcontrol), some act only as server (for example sapstartsrv) and some act as both (for example the ICM of SAP NW AS ABAP).
Some components do not or at least partially not relay on the combination of SapSSL + CCL. Instead they use the Java IAIK-JCE or the JSSE, the Windows stack or any other products' own TLS stack. For example for the TLS handshake for incoming connections to the ICM of SAP NW AS Java the CCL is used, while SAP NW AS Java uses for outgoing connections the IAIK.
That means there are also other places where to configure TLS and cipher suites, besides the one described in this blogpost. SAP note 2384243 is a good read for that.
During the TLS handshake the server and the client are negotiating the to be used TLS protocol version and the to be used cipher suites. Each side typically support more than one cipher suite to offer higher compatibility. Each party asks for acknowledgement on the TLS version and the cipher suites in a given order until they come to an agreement. If no matching TLS version or cipher suite could be negotiated the handshake will fail.
How to update the CCL?
The CCL can be downloaded directly and the lib simply can be exchanged.
For SAP ABAP or Java systems it is also part of the SAP Kernel (Stack Kernel or DW_UTILS*.SAR).
For SAP HANA it comes with the Revision update. For SAP HANA an update of the CCL with a directly obtained library is not recommended nor supported.
SAP supports the current and one maintained version.
Please note: Please make sure you keep the CCL updated. Especially for non-SAP partner systems having interfaces based on SAP JCo or SAP NCo.
How to configure the protocols and cipher suites supported by the CCL?
As you may know there are the following profile parameters which allow to globally configure the available TLS protocol versions and cipher suites as well as the elliptic curves:
When acting as server:
ssl/ciphersuitesWhen acting as client:
ssl/client_ciphersuitesThe corresponding environment variables, used by components which are not reading from profiles, are:
When acting as server:
SAPSSL_CIPHERSUITESWhen acting as client:
SAPSSL_CLIENT_CIPHERSUITESFor all of them the value has to be in the following format:
<Protocol_Bit-mask>:<Cipher_config>::<Elliptic_Curves_config>.Where to set these parameters?
To cover SAP Instance Agent, SAP NW AS ABAP, SAP NW AS Java and SAP Web Dispatcher we should add those profile parameters to the DEFAULT.PFL. This is also valid for SAP HANA, since it brings an Instance Agent with it which reads from the DEFAULT.PFL.
For the <sapsid>adm we also have to set those environment variables.
In addition to that we have to set the environment variable
CCL_PROFILE to point to a profile file, e.g., the DEFAULT.PFL. This is because with this some command-line tools can be enabled to read the CommonCryptoLibs' configuration from a profile. This affects for example 'sapcontrol' or 'sapgenpse'.Please note: The environment variables for <sapsid>adm must not be set via SAPStartSrv by adding SETENV_<xx>=<environment_variable>=<value> in the profiles. Since environment variables set by this method are only valid for child-processes of SAPStartSrv. <sapsid>adm is in most cases also used for some interactive operations using a shell.In SAP HANA Database (incl. XS Classic) and SAP HANA XSA search for the properties
sslMinProtocolVersion, sslCipherSuites, client_ciphersuites, and Router.WebDispatcher.CipherSuites. For the XSC WebDispatcher also the property ssl/ciphersuites can be set in the webdispatcher.ini overwriting the global values. The cipher suites follow the same format as below without the protocol bit-mask. I recommend the outstanding blog series from c9b9c8ea15574d29bfafe89e88ac94ec: HANA secure network communication.To cover SAP Host Agent we should add those profile parameters to the host_profile.
Since the sapadm is typically a non-login user without a shell we have to set those environment variables through the host_profile by adding
SETENV_<xx>=<environment_variable>=<value>.For other components like SAP JCo or SAP NCo we have to set those environment variables.
What about legacy devices which still need support for outdated TLS versions and weak cipher suites?
In some environments we may need to connect Barcode scanners, HMIs and alike which do not yet support the latest crypto. This is not uncommon since vendors have to support these devices for a very long lifetime or simply did not pay attention to security when the device have been thrown onto the market years ago.
For this the ICM of SAP NW AS as well as the SAP Web Dispatcher allow to define a specific configuration for individual ports differing from the global configuration using the sub-parameter
SSLCONFIG of the parameter icm/server_port_<xx> when acting as server.To do so we may want to configure a separate port offering an outdated TLS version and weaker cipher suites. For sure we have to implement additional measures like implementing a local firewall or an ACL to restrict access to this port to the necessary devices only.
An additional approach could be to use the SAP Web Dispatcher as communication middle-ware and place it next to these legacy devices in the factory. On the SAP Web Dispatcher we can then use TLS re-encryption to use state of the art TLS protocol versions and strong cipher suites for the communication between the SAP Web Dispatcher and the backend.
Remember it is not that easy do identify all components and command-line tools on our SAP system which relay on the CCL, as you may have already noticed by reading the list of components in the intro. So using a specific per port configuration allows us to explicitly support legacy devices while not weaken the security of all our other connections. Keep in mind, the warnings given in SAP note 2384290 are not neglectable.
How to find the correct values?
During the last years various different recommendations have been made. Some of them with compatibility and others with a tradeoff of compatibility and security in mind. But still there is a lot of considerable confusion.
From my point of view this is often due to lack of knowledge about the configuration itself but also due to lack of knowledge about the whole topic. In many cases misleading or missing documentation plays also a role.
Now let's go into details about the protocols, cipher suites and elliptic curves to bring light into the dark, at least for the configuration part.
Protocol Bit-mask
Protocols and features supported by the CommonCryptoLib can be configured using a bit-mask (and keywords).
The bit-mask is described in SAP note 510007, chapter 7.
To enable explicitly TLS 1.2 the bit-mask would be:
544(512 + 32 = TLS 1.2 + „Strict protocol version configuration“)
To enable TLS 1.2 and the highest protocol version which is going to be added in future (assuming TLS 1.3 would be rated higher then ETS formerly known as eTLS) a future proof (but some uncertainty adding) bit-mask would be:
546(512 + 32 +2 = TLS 1.2 + „Strict protocol version configuration“ + Best )
Please note: Keep in mind that TLS 1.3 relays on different cipher suites than TLS 1.2. This has then to be considered by configuring a future proof list of supported cipher suites.
Other options like BC (no longer supported by TLS 1.2 and above) or "NO_GAP" (may lead to falsely enable protocol versions) should not be enabled by the bit-mask.
To add a protocol downgrade prevention mechanism on server side the keyword
TLS_FALLBACK_SCSV may be added. Even if it is technically no longer needed for a server supporting TLS 1.2 and higher only, but it still may help to get - at least formally - a better security rating by test tools.Please note: As of CCL 8.5.45 TLS_FALLBACK_SCSV is enabled by default when acting as server. To explicitly disable it the keyword "-TLS_FALLBACK_SCSV" has to be added to the configuration string.With these considerations we end up with the sub-string
544:TLS_FALLBACK_SCSVCipher Suite Configuration
The CommonCryptoLib assigns sets of cipher suites to groups. The available groups can be displayed using sapgenpse by issuing the command
sapgenpse tlsinfo -HThe smallest group consists of a single bulk encryption algorithm and its mode + a certain key length (e.g., "eAES256_GCM"). The next larger consist of a single bulk encryption algorithm and its mode + all key lengths (e.g., "eAES256"). There are also groups combining a single algorithm and all its modes + all key lengths (e.g., "eAES").
Or groups that contain even more than one algorithms and key lengths which i call "classes".
These classes are defined by SAP. At time of writing the following classes exist:
"DEFAULT": Default cipher suites (HIGH:PFS:!aNULL:!eNULL)
"ALL": All supported cipher suites
"PFS": Perfect forward secrecy: key agreement with ephemeral keys
"HIGH": High security cipher suites (except PFS)
"MEDIUM": Medium security cipher suites
"LOW": (no longer used)
Please note: http/2 for example strictly requires cipher suites providing PFS (perfect forward secrecy) which is not given by a key exchange based on RSA and is not covered by the class "HIGH".
As these classes are defined by SAP they do not underlay a common understanding. From time to time SAP makes adjustments to these classes and communicate this via SAP note 2004653 (it is worth to subscribe to this note to keep track about changes). Almost all recommendations out there relay on these classes. Nevertheless, they do not provide control about the supported cipher suites to a full extent as it is desired in a high security area.
Furthermore, it also may be more complex to start with such a predefined class and strip it down to our needs than adding just the algorithms we want to support. Not knowing what happens after SAP made adjustments to the classes.
A good starting point could be to add cipher suites based on a well chosen bulk encryption algorithm and strip the resulting list down to the desired cipher suites by excluding certain key exchange algorithms or hash algorithms.
Please note: To have a full understanding some knowledge about cryptography would be an advantage, but also the security classification from https://ciphersuite.info/cs/ could be consulted to determine which cipher suites are safe to be supported.
EDIT: In CommonCryptoLib 8.5.42 the group assignment and supported cipher suites has changed. The cipher suites class MEDIUM is now *empty*, see SAP note 3128664.
Configuration example
In this example we may want to adjust the global cipher suites settings to support a list of cipher suites based on cryptography recommended also in the latest publications from NIST, ECRYPT and the BSI for future use.
Therefore we enable only cipher suites based on AES-GCM with a key length of 128-bits at minimum, but preferring 256-bit key length, and exclude all cipher suites based on RSA key exchange as well as exclude MACs using SHA with less than 256-bit.
To achieve this we use the sub-string
eAES_GCM:+eAES128:!kRSA.We can verify the resulting list of supported cipher suites using the following command:
sapgenpse tlsinfo -v 544:TLS_FALLBACK_SCSV:eAES_GCM:+eAES128:\!kRSAPlease note: On the command-line the "!" has to be escaped.
The output contains these ciphers:
Enabled cipher suites:
TLS_ECDHE_RSA_WITH_AES256_GCM_SHA384
TLS_ECDHE_ECDSA_WITH_AES256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES128_GCM_SHA256
TLS_ECDHE_ECDSA_WITH_AES128_GCM_SHA256As the result list does already not contain any MACs using SHA1 the sub-string
!mSHA1 can be omitted.The result list also presents the list of cipher suites in the order offered used for negotiation during the handshake. With
+eAES128 we move AES encryption algorithms using this key length to the end of the preferred order list.Remark on undocumented syntax:
While "!" deletes matching items from the result list and deleted items can never reappear in the result,
"-" deletes matching items from the result list and deleted items can reappear in the result if added later again. This would make the order of arguments in the cipher configuration important!
Compatibility for legacy clients
After adjusting the global cipher suites we may need to determine the cipher suites needed for compatibility reasons.
For the ICM of SAP NetWeaver AS or SAP Web Dispatcher we add them only for the relevant port by adjusting the cipher suites for a dedicated, additional
icm/server_port_<xx> for the relevant protocol using sub-parameter SSLCONFIG.If a legacy configuration has to be done for other components relaying on the CCL and acting as a server which is very rare, it may be inevitable to adjust the global configuration effecting all communications.
To determine which cipher suites need to be supported we may collect TLS traces or take a look at the documentation of the client. Then we can extend the sub-string in order to offer matching cipher suites.
For example we may need to add the bulk encryption algorithm ARIA-GCM and allow RSA for key exchange resulting in the substring
eAES_GCM:eARIA_GCM:+eAES128:+eARIA128.Again we can verify the resulting list of supported cipher suites using the following command:
sapgenpse tlsinfo -v 544:TLS_FALLBACK_SCSV:eAES_GCM:+eAES128:eARIA_GCM:+eARIA128The output now contains the these ciphers:
Enabled cipher suites:
TLS_RSA_WITH_AES256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES256_GCM_SHA384
TLS_ECDHE_ECDSA_WITH_AES256_GCM_SHA384
TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384
TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384
TLS_RSA_WITH_ARIA_256_GCM_SHA384
TLS_RSA_WITH_AES128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES128_GCM_SHA256
TLS_ECDHE_ECDSA_WITH_AES128_GCM_SHA256
TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256
TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256
TLS_RSA_WITH_ARIA_128_GCM_SHA256Please note: As of SAP note 2384290 Solution Manager Diagnostic Agent is known to lack support for PFS cipher suites with ECDHE key exchange and therefore requires TLS cipher suites with static RSA key exchange for interoperability with CommonCryptoLib 8.
Elliptic Curves Configuration
Similar to cipher suites the CommonCryptoLib assigns sets of elliptic curves to "classes". These classes are defined by SAP.
At time of writing the following classes exist:
"EC_DEFAULT" (=EC_HIGH:EC_MEDIUM),
"EC_ALL" : All supported elliptic curves
"EC_HIGH" : High security elliptic curves
"EC_MEDIUM" : Medium security elliptic curves
"EC_LOW" : Low security elliptic curves
"EC_NIST" : NIST standardized elliptic curves, recommended in Suite B
"EC_IETF".
And again these classes are defined by SAP and do not underlay a common understanding (maybe except the EC_NIST one). From time to time SAP makes adjustments to these classes (see for example SAP Note 2415828). Almost all recommendations out there relay on these classes. Nevertheless, they do not provide control about the supported elliptic curves to a full extent as it may be desired.
Therefore we can also add elliptic curves providing strong security explicitly by listing them in the sub-string:
EC_X25519:EC_P256:EC_P384:EC_P521Please note: Defining the elliptic curves explicitly allows to specify their preferred order. If you are for example after high performance you may place Curve25519 on first place (since it is one of the fastest ECC curves), while placing other more computation time consuming ones later. You may want to keep a balance between computation time and provided security for the time being.
There is also a switch available which enables the performance optimization of elliptic curves. So we may want to add that as well:
+EC_OPTPlease note: As of SAP note 2181733: EC_OPT leads to a higher CPU load during CommonCryptoLib initialization and can delay the startup of a TLS. This delay is indeed noticeable when testing the available ciphers using sapgenpse, but just in milliseconds.
This considerations will result in the sub-string
EC_X25519:EC_P256:EC_P384:EC_P521:+EC_OPTServer vs. client
So far we dealt mostly with the settings for the CCL configuration when acting as a server. The configuration when acting as client is slightly different.
When acting as HTTP client the option "Allow blind sending of a client certificate" should be enabled if a server sends an empty list of certificate authorities. If not enabled this would lead for the client to not being able to choose an acceptable client certificate.
Please note: The client certificate, which is to be sent to a server during the TLS handshake for mutual authentication (aka. authentication with client cert aka. X.509 authentication), is typically configured in the relevant HTTP destination as "SSL-Certificate" by choosing the relevant trust store for SSL client identities.
If "SSL Client (Anonmyous)" is selected, no client certificate will be sent at all. By default "SSL Client (Default" ist selected.
Another noticeable difference is the
TLS_FALLBACK_SCSV which is only supported when acting as server. So if we want be precise we do not need to add this or other settings of the bit-mask targeting features for servers to the sub-string for the client side configuration.Sapgenpse offers also the possibility to verify the CCLs' configuration when acting as client, by adding the switch "-c", for example:
sapgenpse tlsinfo -c -v 562:eAES_GCM:+eAES128:!kRSAWith this we may compare the supported TLS protocols and cipher suites offered by the server with the list of supported cipher suites according to our custom client-side configuration. The supported TLS protocols and cipher suites offered by the server can be determined for example using the command-line tool sslscan or OpenSSL or a trace from the handshake.
Please note: When acting as client, we have to swallow the bitter pill when it comes to compatibility: We can adjust the settings for supported cipher suites only for all outgoing connections at once.
Crafting the final parameter values
Having talked about all sub-strings and how to determine their values we now are able to craft the values for our global configuration parameters:
ssl/ciphersuites = 544:TLS_FALLBACK_SCSV:eAES_GCM:+eAES128:!kRSA::EC_X25519:EC_P256:EC_P384:EC_P521:+EC_OPTssl/client_ciphersuites = 562:eAES_GCM:+eAES128:!kRSA::EC_X25519:EC_P256:EC_P384:EC_P521:+EC_OPTSAPSSL_CIPHERSUITES=544:TLS_FALLBACK_SCSV:eAES_GCM:+eAES128:!kRSA::EC_X25519:EC_P256:EC_P384:EC_P521:+EC_OPTSAPSSL_CLIENT_CIPHERSUITES=544:eAES_GCM:+eAES128:!kRSA::EC_X25519:EC_P256:EC_P384:EC_P521:+EC_OPT
8 Comments
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Labels in this area
-
"automatische backups"
1 -
"regelmäßige sicherung"
1 -
505 Technology Updates 53
1 -
ABAP
14 -
ABAP API
1 -
ABAP CDS Views
2 -
ABAP CDS Views - BW Extraction
1 -
ABAP CDS Views - CDC (Change Data Capture)
1 -
ABAP class
2 -
ABAP Cloud
2 -
ABAP Development
5 -
ABAP in Eclipse
1 -
ABAP Platform Trial
1 -
ABAP Programming
2 -
abap technical
1 -
absl
1 -
access data from SAP Datasphere directly from Snowflake
1 -
Access data from SAP datasphere to Qliksense
1 -
Accrual
1 -
action
1 -
adapter modules
1 -
Addon
1 -
Adobe Document Services
1 -
ADS
1 -
ADS Config
1 -
ADS with ABAP
1 -
ADS with Java
1 -
ADT
2 -
Advance Shipping and Receiving
1 -
Advanced Event Mesh
3 -
AEM
1 -
AI
7 -
AI Launchpad
1 -
AI Projects
1 -
AIML
9 -
Alert in Sap analytical cloud
1 -
Amazon S3
1 -
Analytical Dataset
1 -
Analytical Model
1 -
Analytics
1 -
Analyze Workload Data
1 -
annotations
1 -
API
1 -
API and Integration
3 -
API Call
2 -
Application Architecture
1 -
Application Development
5 -
Application Development for SAP HANA Cloud
3 -
Applications and Business Processes (AP)
1 -
Artificial Intelligence
1 -
Artificial Intelligence (AI)
4 -
Artificial Intelligence (AI) 1 Business Trends 363 Business Trends 8 Digital Transformation with Cloud ERP (DT) 1 Event Information 462 Event Information 15 Expert Insights 114 Expert Insights 76 Life at SAP 418 Life at SAP 1 Product Updates 4
1 -
Artificial Intelligence (AI) blockchain Data & Analytics
1 -
Artificial Intelligence (AI) blockchain Data & Analytics Intelligent Enterprise
1 -
Artificial Intelligence (AI) blockchain Data & Analytics Intelligent Enterprise Oil Gas IoT Exploration Production
1 -
Artificial Intelligence (AI) blockchain Data & Analytics Intelligent Enterprise sustainability responsibility esg social compliance cybersecurity risk
1 -
ASE
1 -
ASR
2 -
ASUG
1 -
Attachments
1 -
Authorisations
1 -
Automating Processes
1 -
Automation
1 -
aws
2 -
Azure
1 -
Azure AI Studio
1 -
B2B Integration
1 -
Backorder Processing
1 -
Backup
1 -
Backup and Recovery
1 -
Backup schedule
1 -
BADI_MATERIAL_CHECK error message
1 -
Bank
1 -
BAS
1 -
basis
2 -
Basis Monitoring & Tcodes with Key notes
2 -
Batch Management
1 -
BDC
1 -
Best Practice
1 -
bitcoin
1 -
Blockchain
3 -
BOP in aATP
1 -
BOP Segments
1 -
BOP Strategies
1 -
BOP Variant
1 -
BPC
1 -
BPC LIVE
1 -
BTP
11 -
BTP Destination
2 -
Business AI
1 -
Business and IT Integration
1 -
Business application stu
1 -
Business Architecture
1 -
Business Communication Services
1 -
Business Continuity
1 -
Business Data Fabric
3 -
Business Partner
12 -
Business Partner Master Data
10 -
Business Technology Platform
2 -
Business Trends
1 -
CA
1 -
calculation view
1 -
CAP
3 -
Capgemini
1 -
CAPM
1 -
Catalyst for Efficiency: Revolutionizing SAP Integration Suite with Artificial Intelligence (AI) and
1 -
CCMS
2 -
CDQ
12 -
CDS
2 -
Cental Finance
1 -
Certificates
1 -
CFL
1 -
Change Management
1 -
chatbot
1 -
chatgpt
3 -
CL_SALV_TABLE
2 -
Class Runner
1 -
Classrunner
1 -
Cloud ALM Monitoring
1 -
Cloud ALM Operations
1 -
cloud connector
1 -
Cloud Extensibility
1 -
Cloud Foundry
3 -
Cloud Integration
6 -
Cloud Platform Integration
2 -
cloudalm
1 -
communication
1 -
Compensation Information Management
1 -
Compensation Management
1 -
Compliance
1 -
Compound Employee API
1 -
Configuration
1 -
Connectors
1 -
Consolidation Extension for SAP Analytics Cloud
1 -
Controller-Service-Repository pattern
1 -
Conversion
1 -
Cosine similarity
1 -
cryptocurrency
1 -
CSI
1 -
ctms
1 -
Custom chatbot
3 -
Custom Destination Service
1 -
custom fields
1 -
Customer Experience
1 -
Customer Journey
1 -
Customizing
1 -
Cyber Security
2 -
Data
1 -
Data & Analytics
1 -
Data Aging
1 -
Data Analytics
2 -
Data and Analytics (DA)
1 -
Data Archiving
1 -
Data Back-up
1 -
Data Governance
5 -
Data Integration
2 -
Data Quality
12 -
Data Quality Management
12 -
Data Synchronization
1 -
data transfer
1 -
Data Unleashed
1 -
Data Value
8 -
database tables
1 -
Datasphere
2 -
datenbanksicherung
1 -
dba cockpit
1 -
dbacockpit
1 -
Debugging
2 -
Delimiting Pay Components
1 -
Delta Integrations
1 -
Destination
3 -
Destination Service
1 -
Developer extensibility
1 -
Developing with SAP Integration Suite
1 -
Devops
1 -
digital transformation
1 -
Documentation
1 -
Dot Product
1 -
DQM
1 -
dump database
1 -
dump transaction
1 -
e-Invoice
1 -
E4H Conversion
1 -
Eclipse ADT ABAP Development Tools
2 -
edoc
1 -
edocument
1 -
ELA
1 -
Embedded Consolidation
1 -
Embedding
1 -
Embeddings
1 -
Employee Central
1 -
Employee Central Payroll
1 -
Employee Central Time Off
1 -
Employee Information
1 -
Employee Rehires
1 -
Enable Now
1 -
Enable now manager
1 -
endpoint
1 -
Enhancement Request
1 -
Enterprise Architecture
1 -
ETL Business Analytics with SAP Signavio
1 -
Euclidean distance
1 -
Event Dates
1 -
Event Driven Architecture
1 -
Event Mesh
2 -
Event Reason
1 -
EventBasedIntegration
1 -
EWM
1 -
EWM Outbound configuration
1 -
EWM-TM-Integration
1 -
Existing Event Changes
1 -
Expand
1 -
Expert
2 -
Expert Insights
1 -
Fiori
14 -
Fiori Elements
2 -
Fiori SAPUI5
12 -
Flask
1 -
Full Stack
8 -
Funds Management
1 -
General
1 -
Generative AI
1 -
Getting Started
1 -
GitHub
8 -
Grants Management
1 -
groovy
1 -
GTP
1 -
HANA
5 -
HANA Cloud
2 -
Hana Cloud Database Integration
2 -
HANA DB
1 -
HANA XS Advanced
1 -
Historical Events
1 -
home labs
1 -
HowTo
1 -
HR Data Management
1 -
html5
8 -
Identity cards validation
1 -
idm
1 -
Implementation
1 -
input parameter
1 -
instant payments
1 -
Integration
3 -
Integration Advisor
1 -
Integration Architecture
1 -
Integration Center
1 -
Integration Suite
1 -
intelligent enterprise
1 -
Java
1 -
job
1 -
Job Information Changes
1 -
Job-Related Events
1 -
Job_Event_Information
1 -
joule
4 -
Journal Entries
1 -
Just Ask
1 -
Kerberos for ABAP
8 -
Kerberos for JAVA
8 -
Launch Wizard
1 -
Learning Content
2 -
Life at SAP
1 -
lightning
1 -
Linear Regression SAP HANA Cloud
1 -
local tax regulations
1 -
LP
1 -
Machine Learning
2 -
Marketing
1 -
Master Data
3 -
Master Data Management
14 -
Maxdb
2 -
MDG
1 -
MDGM
1 -
MDM
1 -
Message box.
1 -
Messages on RF Device
1 -
Microservices Architecture
1 -
Microsoft Universal Print
1 -
Middleware Solutions
1 -
Migration
5 -
ML Model Development
1 -
Modeling in SAP HANA Cloud
8 -
Monitoring
3 -
MTA
1 -
Multi-Record Scenarios
1 -
Multiple Event Triggers
1 -
Neo
1 -
New Event Creation
1 -
New Feature
1 -
Newcomer
1 -
NodeJS
2 -
ODATA
2 -
OData APIs
1 -
odatav2
1 -
ODATAV4
1 -
ODBC
1 -
ODBC Connection
1 -
Onpremise
1 -
open source
2 -
OpenAI API
1 -
Oracle
1 -
PaPM
1 -
PaPM Dynamic Data Copy through Writer function
1 -
PaPM Remote Call
1 -
PAS-C01
1 -
Pay Component Management
1 -
PGP
1 -
Pickle
1 -
PLANNING ARCHITECTURE
1 -
Popup in Sap analytical cloud
1 -
PostgrSQL
1 -
POSTMAN
1 -
Process Automation
2 -
Product Updates
4 -
PSM
1 -
Public Cloud
1 -
Python
4 -
Qlik
1 -
Qualtrics
1 -
RAP
3 -
RAP BO
2 -
Record Deletion
1 -
Recovery
1 -
recurring payments
1 -
redeply
1 -
Release
1 -
Remote Consumption Model
1 -
Replication Flows
1 -
Research
1 -
Resilience
1 -
REST
1 -
REST API
1 -
Retagging Required
1 -
Risk
1 -
Rolling Kernel Switch
1 -
route
1 -
rules
1 -
S4 HANA
1 -
S4 HANA Cloud
1 -
S4 HANA On-Premise
1 -
S4HANA
3 -
S4HANA_OP_2023
2 -
SAC
10 -
SAC PLANNING
9 -
SAP
4 -
SAP ABAP
1 -
SAP Advanced Event Mesh
1 -
SAP AI Core
8 -
SAP AI Launchpad
8 -
SAP Analytic Cloud Compass
1 -
Sap Analytical Cloud
1 -
SAP Analytics Cloud
4 -
SAP Analytics Cloud for Consolidation
2 -
SAP Analytics Cloud Story
1 -
SAP analytics clouds
1 -
SAP BAS
1 -
SAP Basis
6 -
SAP BODS
1 -
SAP BODS certification.
1 -
SAP BTP
20 -
SAP BTP Build Work Zone
2 -
SAP BTP Cloud Foundry
5 -
SAP BTP Costing
1 -
SAP BTP CTMS
1 -
SAP BTP Innovation
1 -
SAP BTP Migration Tool
1 -
SAP BTP SDK IOS
1 -
SAP Build
11 -
SAP Build App
1 -
SAP Build apps
1 -
SAP Build CodeJam
1 -
SAP Build Process Automation
3 -
SAP Build work zone
10 -
SAP Business Objects Platform
1 -
SAP Business Technology
2 -
SAP Business Technology Platform (XP)
1 -
sap bw
1 -
SAP CAP
2 -
SAP CDC
1 -
SAP CDP
1 -
SAP Certification
1 -
SAP Cloud ALM
4 -
SAP Cloud Application Programming Model
1 -
SAP Cloud Integration for Data Services
1 -
SAP cloud platform
8 -
SAP Companion
1 -
SAP CPI
3 -
SAP CPI (Cloud Platform Integration)
2 -
SAP CPI Discover tab
1 -
sap credential store
1 -
SAP Customer Data Cloud
1 -
SAP Customer Data Platform
1 -
SAP Data Intelligence
1 -
SAP Data Migration in Retail Industry
1 -
SAP Data Services
1 -
SAP DATABASE
1 -
SAP Dataspher to Non SAP BI tools
1 -
SAP Datasphere
9 -
SAP DRC
1 -
SAP EWM
1 -
SAP Fiori
2 -
SAP Fiori App Embedding
1 -
Sap Fiori Extension Project Using BAS
1 -
SAP GRC
1 -
SAP HANA
1 -
SAP HCM (Human Capital Management)
1 -
SAP HR Solutions
1 -
SAP IDM
1 -
SAP Integration Suite
9 -
SAP Integrations
4 -
SAP iRPA
2 -
SAP Learning Class
1 -
SAP Learning Hub
1 -
SAP Odata
2 -
SAP on Azure
1 -
SAP PartnerEdge
1 -
sap partners
1 -
SAP Password Reset
1 -
SAP PO Migration
1 -
SAP Prepackaged Content
1 -
SAP Process Automation
2 -
SAP Process Integration
2 -
SAP Process Orchestration
1 -
SAP S4HANA
2 -
SAP S4HANA Cloud
1 -
SAP S4HANA Cloud for Finance
1 -
SAP S4HANA Cloud private edition
1 -
SAP Sandbox
1 -
SAP STMS
1 -
SAP SuccessFactors
2 -
SAP SuccessFactors HXM Core
1 -
SAP Time
1 -
SAP TM
2 -
SAP Trading Partner Management
1 -
SAP UI5
1 -
SAP Upgrade
1 -
SAP-GUI
8 -
SAP_COM_0276
1 -
SAPBTP
1 -
SAPCPI
1 -
SAPEWM
1 -
sapmentors
1 -
saponaws
2 -
SAPUI5
4 -
schedule
1 -
Secure Login Client Setup
8 -
security
9 -
Selenium Testing
1 -
SEN
1 -
SEN Manager
1 -
service
1 -
SET_CELL_TYPE
1 -
SET_CELL_TYPE_COLUMN
1 -
SFTP scenario
2 -
Simplex
1 -
Single Sign On
8 -
Singlesource
1 -
SKLearn
1 -
soap
1 -
Software Development
1 -
SOLMAN
1 -
solman 7.2
2 -
Solution Manager
3 -
sp_dumpdb
1 -
sp_dumptrans
1 -
SQL
1 -
sql script
1 -
SSL
8 -
SSO
8 -
Substring function
1 -
SuccessFactors
1 -
SuccessFactors Time Tracking
1 -
Sybase
1 -
system copy method
1 -
System owner
1 -
Table splitting
1 -
Tax Integration
1 -
Technical article
1 -
Technical articles
1 -
Technology Updates
1 -
Technology Updates
1 -
Technology_Updates
1 -
Threats
1 -
Time Collectors
1 -
Time Off
2 -
Tips and tricks
2 -
Tools
1 -
Trainings & Certifications
1 -
Transport in SAP BODS
1 -
Transport Management
1 -
TypeScript
2 -
unbind
1 -
Unified Customer Profile
1 -
UPB
1 -
Use of Parameters for Data Copy in PaPM
1 -
User Unlock
1 -
VA02
1 -
Validations
1 -
Vector Database
1 -
Vector Engine
1 -
Visual Studio Code
1 -
VSCode
1 -
Web SDK
1 -
work zone
1 -
workload
1 -
xsa
1 -
XSA Refresh
1
- « Previous
- Next »
Related Content
- SAP Enable Now setup in Technology Blogs by Members
- SAP Sustainability Footprint Management: Q1-24 Updates & Highlights in Technology Blogs by SAP
- SAP S/4HANAとSAP Datasphereのデータ連携 : DP Agentの設定 in Technology Blogs by SAP
- How to check the version of protocols on SAP CPI? in Technology Q&A
- Group Reporting Data Collection integration with SAP S4 HANA in Technology Blogs by Members
Top kudoed authors
| User | Count |
|---|---|
| 11 | |
| 9 | |
| 7 | |
| 6 | |
| 4 | |
| 4 | |
| 3 | |
| 3 | |
| 3 | |
| 3 |
