3398735 - AS ABAP | Weak SSL/TLS Key Exchange

Symptom

A scanning tool is used to perform analysis of TLS endpoints of AS ABAP systems.

The following result is returned for HTTPS ports associated with such system:

Weak SSL/TLS Key Exchange

Change the SSL/TLS server configuration to only allow strong key exchanges. Key exchanges used on the server should provide at least 112 bits of security, so the minimum key size to not flag this QID should be: 2048 bit key size for Diffie Hellman (DH) or RSA key exchanges 224 bit key size for Elliptic Curve Diffie Hellman (EDCH) key exchanges.

Environment

SAP Netweaver AS ABAP

Product

SAP NetWeaver Application Server for ABAP all versions ; SAP S/4HANA Cloud Public Edition all versions ; SAP S/4HANA all versions

Keywords

weak tls/ssl key strength, key strength, key size, dhe, ecdh, rsa, dsa , KBA , BC-SEC-SSL-CFG , SSL/TLS Configuration for ABAP , BC-SEC-SSL , Secure Sockets Layer Protocol , BC-SEC-SSF , Secure Store and Forward , Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.