Re: TLS_FALLBACK_SCSV (server-side)
Just to clarify a few urban myths you cited. TLS_FALLBACK_SCSV has an extremely limited usefulness and creates certain interop risks (which the folks who invented the stupid idea of a handshake failure...
View ArticleRe: TLS_FALLBACK_SCSV (server-side)
Hi Martin, That simply isn't true. Although the deadline has changed from June 30th 2016 to June 30th 2018 (just before I made my last post, unbeknownst to me), migrating away from early TLS is still a...
View ArticleRe: TLS_FALLBACK_SCSV (server-side)
Dear Rob, I'm sorry, but you seem to be looking at the wrong documents (awfully clueless and misleading documents admittely). Some of what the clueless documents say is formally provable nonsense,and...
View ArticleRe: TLS_FALLBACK_SCSV (server-side)
Hi Martin, POS POI terminals are a special case. I have it in writing, sat on my desk as I type this, that "secure protocol option" means that SSL v3.0 and TLS v1.0 must be disabled, and TLS v1.1...
View ArticleRe: TLS_FALLBACK_SCSV (server-side)
Hi Rob, This artificial distinction between TLSv1.0 and TLSv1.1 is formally provable technical nonsense, so I'm going to read it in the fashion that makes sense (in a scientific sense) and is meant by...
View ArticleRe: TLS_FALLBACK_SCSV (server-side)
Hi Martin, Whether it's "formally provable technical nonsense" or otherwise, and regardless of what you think NIST might have intended to mean (even though they specifically call out TLS v1.0 as being...
View ArticleRe: TLS_FALLBACK_SCSV (server-side)
And, just to make this thread even more colourful, we plan to support TLS_FALLBACK_SCSV in one of the next releases of CommonCryptoLib. We´ll keep you in the loop. -- Stephan
View ArticleRe: TLS_FALLBACK_SCSV (server-side)
Rob, Which part of the word "secure service option" in the requirements for service providers in the official PCI-DSS 3.2 spec, Requirement A2.3 is unclear to you? What you allege would need wording...
View ArticleRe: TLS_FALLBACK_SCSV (server-side)
Hi Martin, I'm not alleging it. The PCI SSC are alleging it. That's not up to me. Feel free to take it up with them if you like: PCI SSC (@PCISSC) | Twitter Clients which provide cardholder data to...
View ArticleRe: Service Provider has received SAML2Response from Identity Provider whose...
Hi Bryan, For Apache proxy, you may refer to a help doc:Configuring SAML for Use in SAP Gateway - SAP Gateway Foundation (SAP_GWFND) - SAP Library In one of my cases, nginx is used and I add this in...
View ArticleEnterprise Browser Authentication configuration not working
Hi all, We try to auto logon on Zebra enterprise browser on MC9190 but not working auto logon on https service. We add below tags in config.xml but it doesnt work, Anybody help us? Please urgent...
View ArticleSAP Netweaver SSO 2.0 support for SLES 12
Hello, I need some clarification about the OS support / release startegy for SAP netweaver SSO 2.0 related to Suse Linux 12. If I look at the PAM, there is no full support of SAP NWSSO 2.0 for SLES12....
View ArticleRe: SAP Netweaver SSO 2.0 support for SLES 12
Hi Steve, as far as I got your use case, you do not require a platform Secure Login Library (recommended: CommonCryptoLib) on your AS Java system. It is only required for:- ICM (where CommonCryptoLib...
View ArticleRe: SAP Netweaver SSO 2.0 support for SLES 12
Steve, as I said, SUSE12 was just missing in the PAM. Have a look at it now, we´ve fixed it. But, just to make sure you got the point, we strongly recommend to use the CommonCryptoLib which comes with...
View ArticleRe: SAP Netweaver SSO 2.0 support for SLES 12
Hi Stephan, Thanks a lot for the update of the PAM and also the information about the Common Crypto Lib. Really helpful ! Thanks and best regards, Steve.
View ArticleTransaction SPNEGO does not exist
Dear Experts, We are trying to configure the new SSO 2.0 SP3 setup in our landscape and as part of that when we try to configure the SSO in ABAP systems which is based on 731 SP6 and with kernel...
View ArticleConfiguring a LDAPS destination in Secure Login Server 2.0 SP6
Hello, I need to configure a LDAPS connection in the Destination Management of Secure Login Server 2.0 SP6.If I'm using port 389 and deselect "Use SSL for LDAP Access", then the connection test works...
View ArticleRe: Transaction SPNEGO does not exist
Hello Vimalan, Check the note 1798979 - SPNego ABAP: Downport 7.31 SP 7 (or higher)(additionally apply notes 1819808 and 1832706) Regards,Yuksel AKCINAR
View ArticleRe: Configuring a LDAPS destination in Secure Login Server 2.0 SP6
Hi Markus,just a guess: If you really use IP:PORT then the LDAPS server's certificate CN will not match. The LDAPS server's hostname used for connection needs to match the certificates CN or SAN. Might...
View Article