SAP Knowledge Base Article - Preview

3084768 - SFTP weak Key Exchange Algorithm disablement for SAP SuccessFactors

Symptom

As part of continual improvement and hardening of SAP SuccessFactors SFTP infrastructure and services, we will be disabling weak ciphers globally in all our SFTP servers. The list of further allowed ciphers are in the table below.  

For DC-specific information and timelines please refer to the Customer Communication sent. 

You may need to accommodate this change on your end – without it, it is possible that your applications will not work in the non-production or production environment. If you are not familiar with making the required changes, please notify your company's internal IT department and request for the changes to be made as soon as possible.  

This change is required in order to align with industry best practices for security and data integrity and is part of continuous security improvements. 

Allowed ciphers 

Allowed MACs 

Allowed KEX ciphers 

aes256-gcm@openssh.com 

 hmac-sha2-512-etm@openssh.com

ecdh-sha2-nistp521 *

 

aes256-ctr *

hmac-sha2-512 *

ecdh-sha2-nistp384 *

aes192-ctr *

 

 hmac-sha2-256-etm@openssh.com

ecdh-sha2-nistp256 *

aes128-gcm@openssh.com 

hmac-sha2-256 *

diffie-hellman-group18-sha512 

aes128-ctr *

 

diffie-hellman-group16-sha512 

 

 

diffie-hellman-group14-sha256 *

 

 

diffie-hellman-group-exchange-sha256 *

 

 

curve25519-sha256 

 

 

curve25519-sha256@libssh.org 

April 27, 2024 Update: Following ciphers removed from supported list for security reasons-

WFA Canvas SFTP library only supports the ones with *.


Read more...

Environment

SAP SuccessFactors HXM Suite

Product

SAP SuccessFactors HCM Suite all versions

Keywords

SuccessFactors, SFTP, Key Exchange algorithm, SHA1, vulnerabilities,diffie-hellman-group-exchange-sha1,SSH , KBA , LOD-SF-PLT-SEC , Security Reports , LOD-SF-PLT-FTPS , SFTP Account Creation, Reset Password & Install SSH Service , Product Enhancement

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.