SAP Knowledge Base Article - Preview

3084768 - SFTP weak Key Exchange Algorithm disablement for SAP SuccessFactors

Symptom

As part of continual improvement and hardening of SAP SuccessFactors SFTP infrastructure and services, we will be disabling weak ciphers globally in all our SFTP servers. The list of further allowed ciphers are in the table below.  

For DC-specific information and timelines please refer to the Customer Communication sent. 

You may need to accommodate this change on your end – without it, it is possible that your applications will not work in the non-production or production environment. If you are not familiar with making the required changes, please notify your company's internal IT department and request for the changes to be made as soon as possible.  

This change is required in order to align with industry best practices for security and data integrity and is part of continuous security improvements. 

 

Note: This table applies to all DCs excluding DC66.

Allowed ciphers 

Allowed MACs 

Allowed KEX ciphers 

aes256-gcm@openssh.com 

hmac-sha2-512-etm@openssh.com 

ecdh-sha2-nistp521 

 

aes256-ctr 

hmac-sha2-512 

ecdh-sha2-nistp384 

aes192-ctr 

 

hmac-sha2-256-etm@openssh.com 

ecdh-sha2-nistp256 

aes128-gcm@openssh.com 

hmac-sha2-256 

diffie-hellman-group18-sha512 

aes128-ctr 

 

diffie-hellman-group16-sha512 

chacha20-poly1305@openssh.com 

 

diffie-hellman-group14-sha256 

 

 

diffie-hellman-group-exchange-sha256 

 

 

curve25519-sha256 

 

 

curve25519-sha256@libssh.org 


Read more...

Environment

SAP SuccessFactors HXM Suite

Product

SAP SuccessFactors HXM Suite 2211

Keywords

SuccessFactors, SFTP, Key Exchange algorithm, SHA1, vulnerabilities,diffie-hellman-group-exchange-sha1,SSH , KBA , LOD-SF-PLT-SEC , Security Reports , LOD-SF-PLT-FTPS , SFTP Account Creation, Reset Password & Install SSH Service , Product Enhancement

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.