I am trying to determine which encryption algorithm is in use during saprouter to saprouter SNC connections.
In a lab environment, I have implemented saprouter to saprouter with SNC using some locally signed digital certificates. For these tests I used saprouter version 40.4 and sapcryptolib 5.5.5C pl36:
Platform: Linux on x86_64/x64 64-bit (linuxx86_64_gcc33)
Versions: SAPGENPSE 1.5 pl36 (Jul 3 2013)
SAPCRYPTOLIB 5.5.5C pl36 (Jul 3 2013) MT,AESNI,NB
I can verify from the saprouter log file that the sessions between the saprouters are indeed using SNC:
Tue Oct 29 15:59:57 2013 CONNECT FROM C19/- host 127.0.0.1/37733 (localhost)
Tue Oct 29 15:59:57 2013 CONNECT TO S19/12 host 127.0.0.1/3298 (127.0.0.1) (p:CN=saprtr2)
Tue Oct 29 15:59:57 2013 ESTABLISHED S19/12 (-/SNC)
Tue Oct 29 15:59:57 2013 DISCONNECT C19/12 host 127.0.0.1/37733 (localhost)
In the saprouter level 3 trace files I see the following:
->> SncSetQOP(snc_hdl=0x1c435b0, min=default, max=default, qop=default)
<<- SncSetQOP()==SAP_O_K
in: qop values = "min=8 (default), max=8 (default), use=8 (default)"
resulting = "min=3 (old:3), max=3 (old:3), use=3 (old:3)"
where I understand QOP to be "Quality of Privacy" and level 9 is the highest. So here I'm nowhere near the highest privacy level. Perhaps I have no encryption on my SNC session at all?
I'm in the process of repeating the tests with commoncryptolib, and SAP Note 1848999 refers to many different encryption algorithms.
So my questions are:
1. How can I determine which encryption algorithm is in use during an SNC session?
2. How can I specify a minimum privacy level for SNC with saprouter?
Thank you,
Josh
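
One way to read the negotiated protection level out of a level 3 trace like the one quoted above, as an added example that is not part of the original post. The level names (1 authentication only, 2 integrity protection, 3 privacy protection) follow SAP's documentation of the snc/data_protection parameters and are an assumption here, as are the function names; the script reports the protection level only, not the cipher.

```python
import re

# Level names as documented for SAP's snc/data_protection/* parameters
# (assumption: these meanings are not stated in the post itself).
QOP_NAMES = {1: "authentication only",
             2: "integrity protection",
             3: "privacy protection (encrypted)"}

# Constructed sample: the SncSetQOP trace lines quoted in the post.
SAMPLE_TRACE = '''\
->> SncSetQOP(snc_hdl=0x1c435b0, min=default, max=default, qop=default)
<<- SncSetQOP()==SAP_O_K
in: qop values = "min=8 (default), max=8 (default), use=8 (default)"
resulting = "min=3 (old:3), max=3 (old:3), use=3 (old:3)"
'''

RESULT_RE = re.compile(r'^\s*resulting\s*=\s*"(?P<body>[^"]*)"')
FIELD_RE = re.compile(r'\b(min|max|use)=(\d+)')  # skips the "(old:N)" parts


def parse_resulting_qop(trace_text):
    """Return one {'min', 'max', 'use'} dict per 'resulting = ...' line."""
    results = []
    for line in trace_text.splitlines():
        m = RESULT_RE.match(line)
        if not m:
            continue  # the 'in: qop values' line holds symbolic 8/9 values
        fields = {k: int(v) for k, v in FIELD_RE.findall(m.group("body"))}
        if set(fields) == {"min", "max", "use"}:
            results.append(fields)
    return results


def audit(trace_text, required=3):
    """Return (fields, label, ok) per session.

    ok is False when the level in use, or the minimum the router would
    accept, is below `required`, or when the level is not a known one.
    """
    report = []
    for f in parse_resulting_qop(trace_text):
        label = QOP_NAMES.get(f["use"], "unknown level")
        ok = (f["use"] in QOP_NAMES and f["use"] >= required
              and f["min"] >= required)
        report.append((f, label, ok))
    return report


if __name__ == "__main__":
    for fields, label, ok in audit(SAMPLE_TRACE):
        print(fields, label, "OK" if ok else "BELOW REQUIRED LEVEL")
```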