
SAP Web Dispatcher BEAST attack Vulnerable INSECURE

Question asked by abartili on Aug 22, 2013
Latest reply on Sep 4, 2013 by Ivan Ristić

Hi,

 

We use the SAP Web Dispatcher. A few days ago we changed some settings. After the change, our SSL Labs grade went from A to B.

Changes:

  • "ssl/ciphersuites=HIGH:MEDIUM" to "ssl/ciphersuites=HIGH:MEDIUM:!mMD5".


Now only the following ciphers are supported:

TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_RC4_128_SHA

 

Unlike before the change, the following cipher is no longer supported:

TLS_RSA_WITH_RC4_128_MD5

 

  • "icm/HTTPS/verify_client=1" to "icm/HTTPS/verify_client=0"

This was to reject client-side certificates, because some browsers (Safari on Windows and the Android mobile browser) may misinterpret this parameter.

 

Do you have any idea about this situation?

 

