Symptom
As part of continual improvement and hardening of SAP SuccessFactors SFTP infrastructure and services, we will be disabling weak ciphers globally in all our SFTP servers. The list of further allowed ciphers are in the table below.
For DC-specific information and timelines please refer to the Customer Communication sent.
You may need to accommodate this change on your end – without it, it is possible that your applications will not work in the non-production or production environment. If you are not familiar with making the required changes, please notify your company's internal IT department and request for the changes to be made as soon as possible.
This change is required in order to align with industry best practices for security and data integrity and is part of continuous security improvements.
Allowed ciphers |
Allowed MACs |
Allowed KEX ciphers |
aes256-gcm@openssh.com |
hmac-sha2-512-etm@openssh.com |
ecdh-sha2-nistp521
|
aes256-ctr |
hmac-sha2-512 |
ecdh-sha2-nistp384 |
aes192-ctr
|
hmac-sha2-256-etm@openssh.com |
ecdh-sha2-nistp256 |
aes128-gcm@openssh.com |
hmac-sha2-256 |
diffie-hellman-group18-sha512 |
aes128-ctr |
|
diffie-hellman-group16-sha512 |
chacha20-poly1305@openssh.com |
|
diffie-hellman-group14-sha256 |
|
|
diffie-hellman-group-exchange-sha256 |
|
|
curve25519-sha256 |
|
|
curve25519-sha256@libssh.org |
Read more...
Environment
SAP SuccessFactors HXM Suite
Product
Keywords
SuccessFactors, SFTP, Key Exchange algorithm, SHA1, vulnerabilities,diffie-hellman-group-exchange-sha1,SSH , KBA , LOD-SF-PLT-SEC , Security Reports , LOD-SF-PLT-FTPS , SFTP Account Creation, Reset Password & Install SSH Service , Product Enhancement
About this page
This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).Search for additional results
Visit SAP Support Portal's SAP Notes and KBA Search.