SSL/TLS Diffie-Hellman Modulus

July 9, 2015, 1:01 am

Latest and popular articles on SAP ERP

≫ Next: Re: Kernel Compatibility

≪ Previous: Re: Opentext Archive server for SAP

$

0

0

Hi Experts,

 

We have scanned our sap systems with an symantic network tool and now we are facing new vulnerability as subject line in one of the system. I have checked in sdn, but no where i found any suggestions about the same.

 

 

Below is the output:

 

Vulnerable connection combinations :

 

SSL/TLS version    :  TLSv1.0

Cipher suite            :  TLS1_CK_RSA_WITH_3DES_EDE_CBC_SHA

Diffie-HEllman MODP size  (bits) : 512

Logjam attack difficulty  :  Easy  (could be carried out by individuals)

 

Description:

 

The remote host allows SSLl/TLS connections with opne or more Diffie-Hellman moduli less than or equal to 1024 bits. Through cryptanalysis, a third party may be able to find the shared secret in a short amount of time (Depending on modulud size and attacker resources). This may allow to recover the plaintext or potentially violate the integrity of connections.

 

Solution:

 

Reconfigure the services to use a unique Diffie-Hellman moduli of 2048 bits or greater.

 

Please give your suggestions to get rid of this vulnerability.

 

 

Many thanks in advance.

 

Thanks,

Jaswanth.

---

Re: Kernel Compatibility

July 9, 2015, 1:20 am

Latest and popular articles on SAP ERP

≫ Next: How to set URL encoding charset on Netweaver AS JAVA

≪ Previous: SSL/TLS Diffie-Hellman Modulus

$

0

0

Hi Parth

 

Latest version of Kernel 7.4 and above is correct, but the latest one is supported only in NW 7.4 and above (Not on NW 7.0, Ehp 1 &2 releases).

 

As per the James requested is NW 7.0 Which is supported Kernel releases 7.20 , 7.21 & 7.22(Not on Kernel 7.4)

 

Regards

SS

How to set URL encoding charset on Netweaver AS JAVA

July 9, 2015, 1:23 am

Latest and popular articles on SAP ERP

≫ Next: Re: Kernel Compatibility

≪ Previous: Re: Kernel Compatibility

$

0

0

Hi All,

 

Our project is a Java stack one deployed on Netweaver AS JAVA, now we encounter a issue.

 

When the front-end UI page sends a GET request to back-end system, and the request URL contains Chinese or Korean character parameter, for example: http://<host>:<port>/getProducts?$name=产品, when the back-end retrieve the name parameter by request.getParameter("name"), now the parsing result is a messy code. As far as I know, if we don't set the content type of the GET request, the default charset of HTTP request is ISO-8859-1, while the back-end system regards it as UTF-8, so the issue occurs.

At the same time, I found we could set the URL encoding  charset on JBoss and Tomcat as below, and it could work well.

But I couldn't find how to set the URI encoding parameter or corresponding settings on Netweaver AS JAVA. If any help it would be very appreciate.

 

Thanks for your help and support!

 

Best Regards,

Jia

Re: Kernel Compatibility

July 9, 2015, 1:38 am

Latest and popular articles on SAP ERP

≫ Next: Re: SAP SCM 7.0 Migration from Windows Server 2003 to Windows Server 2012

≪ Previous: How to set URL encoding charset on Netweaver AS JAVA

$

0

0

Thanks Sriram..

Re: SAP SCM 7.0 Migration from Windows Server 2003 to Windows Server 2012

July 9, 2015, 1:55 am

Latest and popular articles on SAP ERP

≫ Next: Re: Time out errors for program /SAPAPO/SAPLOO_TR_READ in SCM EHP3 QA system

≪ Previous: Re: Kernel Compatibility

$

0

0

Thanks all for your informative answers

 

BR,

Fadzly Iqbal

Re: Time out errors for program /SAPAPO/SAPLOO_TR_READ in SCM EHP3 QA system

July 9, 2015, 2:16 am

Latest and popular articles on SAP ERP

≫ Next: Re: SSL/TLS Diffie-Hellman Modulus

≪ Previous: Re: SAP SCM 7.0 Migration from Windows Server 2003 to Windows Server 2012

$

0

0

Hi Nikhil,

glad to know the issue is resolved.

 

Could you please let us know what steps you followed that resolved the issue.

 

Regards,

Re: SSL/TLS Diffie-Hellman Modulus

July 9, 2015, 2:46 am

Latest and popular articles on SAP ERP

≫ Next: Re: Customising email/sms alert in solman technical monitoring

≪ Previous: Re: Time out errors for program /SAPAPO/SAPLOO_TR_READ in SCM EHP3 QA system

$

0

0

Hi Jaswanth,

Please go through this link , in this in detail analysis is given about Diffie-Hellman moduli.

Morever you are required to install patches from your software vendors.

 

tls - What is Logjam and how do I prevent it? - Information Security Stack Exchange

 

Regards,

Re: Customising email/sms alert in solman technical monitoring

July 10, 2015, 3:25 am

Latest and popular articles on SAP ERP

≫ Next: Re: ERROR ORA - 12154

≪ Previous: Re: SSL/TLS Diffie-Hellman Modulus

$

0

0

Hi Divyanshu,

 

Thanks for the info.

 

I've checked and will have development team look into it and give a feedback here.

 

regards,

 

Suraj.

---

Re: ERROR ORA - 12154

July 10, 2015, 3:33 am

Latest and popular articles on SAP ERP

≫ Next: Export Error

≪ Previous: Re: Customising email/sms alert in solman technical monitoring

$

0

0

Hello,

 

The issue was with 'tnsnames.ora' file permissions which were changed during some checks by the migration team.

We reverted back the permissions and connection is OK now.

 

Thanks a lot!

Uday.

Export Error

July 10, 2015, 3:50 am

Latest and popular articles on SAP ERP

≫ Next: SOLMAN Technical Monitoring issues

≪ Previous: Re: ERROR ORA - 12154

$

0

0

Hi Experts,

 

When I am trying to export in SCC8 it is throwing error r3trans export (see se01) in few seconds only.

 

Kindly suggest.

 

 

Thanks

Sriram Patro

SOLMAN Technical Monitoring issues

July 10, 2015, 3:50 am

Latest and popular articles on SAP ERP

≫ Next: Re: SOLMAN Technical Monitoring issues

≪ Previous: Export Error

$

0

0

Hi guys,

 

My solman version is 7.1 SP12. I'm currently configuring Technical Monitoring and having a few issues/doubts.

 

1) I've already done configurations for my ECC production system (managed system). When I go to t-code SOLMAN_WORKCENTER -> Technical Monitoring -> System Monitoring, I can't see the system listed. I can see the Extended ID for other systems however.

 

 

What do I need to do to have the managed system appear in the above list.

 

2) From the solman_workcenter, I'm able to see the different metrics and values wherever applicable. Will I see same layout in the dashboard...I'm trying to configure the dashboard. I was expecting to see more or less same layout with metrics and values, is this true?

 

3) Is it possible to detect SM37 jobs running for longer than say 1 hour. I tried as per BPMON - Long running job monitoringBPMON - Long running job monitoring.

But does not seem to work..

 

 

regards,

 

Suraj

Re: SOLMAN Technical Monitoring issues

July 10, 2015, 3:53 am

Latest and popular articles on SAP ERP

≫ Next: Re: SOLMAN Technical Monitoring issues

≪ Previous: SOLMAN Technical Monitoring issues

$

0

0

This is the screenshot I referred to for Number 1 above:

 

Re: SOLMAN Technical Monitoring issues

July 10, 2015, 4:02 am

Latest and popular articles on SAP ERP

≫ Next: Re: Export Error

≪ Previous: Re: SOLMAN Technical Monitoring issues

$

0

0

There is a refresh button at the bottom right - have you clicked that ?

You can always detect long running OS process.

 

Regards,

Re: Export Error

July 10, 2015, 4:04 am

Latest and popular articles on SAP ERP

≫ Next: Open Text Archiving 10.1 Installation, Upgrade and Configuration guides

≪ Previous: Re: SOLMAN Technical Monitoring issues

$

0

0

Can you share logs or screenshot, at least ?

 

Regards,

Open Text Archiving 10.1 Installation, Upgrade and Configuration guides

July 10, 2015, 4:14 am

Latest and popular articles on SAP ERP

≫ Next: Re: Moving USR Folder for two Instance

≪ Previous: Re: Export Error

$

0

0

Hi,

 

Can anyone let me know the Open Text Archiving 10.1 Installation, Upgrade and Configuration(to ECC/ERP) guides.

 

I need to install the OT Archiving server 10.1 installation and then upgrade to 10.5.

 

Atleast I need the document names to get the guides from OpenText site.

 

Thanks for your help.

 

Cheers,

Prasad

---

Re: Moving USR Folder for two Instance

July 9, 2015, 2:46 pm

Latest and popular articles on SAP ERP

≫ Next: Re: SOLMAN Technical Monitoring issues

≪ Previous: Open Text Archiving 10.1 Installation, Upgrade and Configuration guides

$

0

0

Hi Siriam

 

The OS is Windows 2008 x64 and DB Oracle 11g

Re: SOLMAN Technical Monitoring issues

July 10, 2015, 4:35 am

Latest and popular articles on SAP ERP

≫ Next: Re: SAP Application servers are not running?

≪ Previous: Re: Moving USR Folder for two Instance

$

0

0

Thanks Divyanshu,

 

Indeed after refresh I can see the other managed systems.

 

How about the long running job - how can I detect and notify accordingly?

 

regards,

 

Suraj

Re: SAP Application servers are not running?

July 11, 2015, 1:30 am

Latest and popular articles on SAP ERP

≫ Next: Re: SAP Application servers are not running?

≪ Previous: Re: SOLMAN Technical Monitoring issues

$

0

0

Hi divyanshu,

 

I tried doing that and  am also attaching the screenshot below.Both MIGPRDAPP1 and MIGPRDAPP2 systems users have been provided full permissions but still the application servers are not starting.

Regards,

Adarsh

Re: SAP Application servers are not running?

July 11, 2015, 2:55 am

Latest and popular articles on SAP ERP

≫ Next: Re: Error during an Export DB (SAP Heterogeneous System Copy) - Run migration monitor

≪ Previous: Re: SAP Application servers are not running?

$

0

0

(\\MIGPRD\sapmnt\MIP\SYS\exe\uc\NTAMD64\sapcpe.EXEpf=\\MIGPRD\sapmnt\MIP\SYS\profile\MIP_D13_MIGPRDAPP1

Look at the above command - you have a shared sapmnt share, in which you have the kernel, which includes sapcpe.exe which syncs kernel across instances when they are started.

So, the sapcpe from shared file system in using a profile of DI to copy the sync the exe's from shared common location to D13.

 

source:\\MIGPRD\sapmnt\MIP\SYS\global/syb/NTAMD64) failed(5). EIO*:

Input/output error OR: Access is denied.

 

Looking above, what here you need to make sure the permission settings for /sapmnt and /MIP/SYS/EXE is correct. In fact, give required access to all folders and files. Make sure sap users (both <sid>adm, SAPService<SID>) and sap groups at the OS level have full permissions for these shares.

eg: read/write/execute/modify/full control

 

Once done, restart the instances and see if that works or not.

 

Regards,

Re: Error during an Export DB (SAP Heterogeneous System Copy) - Run migration monitor

July 11, 2015, 3:06 am

Latest and popular articles on SAP ERP

≫ Next: Re: Error While Deploying Offiline Components for AS JAVA

≪ Previous: Re: SAP Application servers are not running?

$

0

0

Hi JD,

 

These are SAP BW namespace objects, and so they should be retained ideally.

You may have to activate them using SE11.

Once activated - run runtime object check or database object check from SE11 itself(Display Table -- Utilities)

Check KBA 1909263 - table or view does not exist during abap export

Regards,