Quantcast
Channel: SCN: Message List - Security
Viewing all articles
Browse latest Browse all 5338

CRM Webclient on Internet Explorer: TLS protocol TLSv1.2

$
0
0

Usually in our Internet Explorer 11 only the transport layer protocol TLSv1.0 is activated.

To access the CRM webclient this URL is used:
https://<hostname>.<fqdn>:44311/sap/bc/bsp/sap/crm_ui_start/default.htm?sap-client=100&sap-sessioncmd=open

Now we have some other web applications that require TLSv1.1 and TLSv1.2

v1.1 ist not a problem, but when TLSv1.2 is activated within the Internet Explorer the CRM webclient can't access the system anymore (see
CM0-URL with TLSv1.2.jpgattachment).

I have found SAP note 510007 and tried several combinations for the two profile parameters ssl/ciphersuites and ssl/client_ciphersuites
but I'm not 100% sure whether this will lead to any success because of the last paragraph of topic 7 in the SAP note:


"Activating TLSv1.1 or TLSv1.2 or both on the client-side unfortunately results in handshake failures with a certain number of servers, which implement the negotiation of the SSL/TLS protocol version incorrectly (TLS protocol version intolerance). Additionally there exist network middleboxes (including proxies) that choke on newer TLS protocol versions and may interfere with attempts to negotiate TLSv1.2.  So far the IETF TLS working group has not standardized an alternative TLS protocol version negotiation scheme that would allow TLS clients to safely negotiate protocol versions > TLSv1.0 and and TLS extensions efficiently, transparently, and completely protected and in a fashion that doesn't break old buggy servers (TLS version intolerant and TLS extension intolerant servers).  Web Browsers invented a heuristics-based, complex and insecure approach ("Downgrade Dance") to this non-marginal interop problem ... and got bitten by Poodle."

Do you have any idea how I can access the CRM webclient WITH activating the transport layer protocol TLSv1.2?

 

Message was edited by: Rüdiger Höckel

 

Found this solution:

Cause

The issue occurs because SSL 2.0 and TLS 1.2 are not compatible with each other in Windows 7 and later operating systems.

 

Resolution

To use client-side certificates to establish an HTTPS connection over TLS 1.2, you must disable SSL 2.0


Viewing all articles
Browse latest Browse all 5338

Trending Articles



<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>