It was determined that some SAP kernel components of an SAP system are using a self-signed certificate and/or that the TLS version in use by those ports is not considered secure (e.g., TLSv1.0 is used).
This is related to the Secure Internal Server Communication feature (SAP Note 2040644).
The ports in question are:
- Message Server internal port (parameter "rdisp/msserv_internal"; TCP port 39XX, by default, where "XX" is the instance number).
- Standalone Enqueue Server (TCP port 32XX).
Notice that the Dispatcher uses the same port number, but the Secure Internal Server Communication feature is not active for the Dispatcher port.
- RFC Gateway internal port (uses a random TCP port by default; a fixed port number can be defined through the parameter "gw/internal_port").
- SAP Start Service - sapstartsrv (TCP port 5XX14).
- SAP NetWeaver ABAP based product
- SAP ABAP Platform based product
- SAP_BASIS Release 7.40 SP8/higher and minimal kernel version 742
KBA , BC-CST , Client/Server Technology , BC-SEC-SSL , Secure Sockets Layer Protocol , Problem
About this pageThis is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).
Search for additional results
Visit SAP Support Portal's SAP Notes and KBA Search.