on 2022 Dec 13 2:22 PM
Hi, we were told by our IT that they plan to install above mentioned Microsoft Security Patch from November 2022. They identified our SAP FC Technical User as using RC4 encryption type. Does this patch cause any issues or is there any reconfiguration needed to use AES? Anyone heard before from this?
This is what they shared on technical details:
“This update will set AES as the default encryption type for session keys on accounts that are not marked with a default encryption type already. “ – Required will be the definition of the supported encryption type, either AES or older version RC4. Support of RC4 won’t be stopped with this patch, however, applications need to be changed to use AES during upcoming months. Detailed communication will be shared beginning of next year.
We are using:
SAP FC 10.1 SP9 Patch8
SAP Intelligence Platform Services: 4.2 Support Package 05 Patch 800
SAP Financial Information Management: 10.0 Support Package 18 Patch 7
SAP Data Services: 4.2 Support Package 10 patch 04
Thanks in advance
Request clarification before answering.
Hi David,
I would also recommend you to open an incident so that can be further investigated.
Kind regards
Adélaïde
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi David,
yes. It does have an impact especially if your systems does not have the AES capability (usually older versions of SAP products).
For example: Check note https://launchpad.support.sap.com/#/notes/3270067 (but this just talks about SPNEGO based SSO for Java). you may have to check if your existing products has AES key algorithm enabled. Else look out for Notes specific to the products or submit a ticket to SAP. As this vulnerability fix patch is new, SAP did not release much notes about it yet.
BR
Balaji
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
3 | |
2 | |
2 | |
1 | |
1 | |
1 | |
1 | |
1 | |
1 | |
1 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.