Kernel Patch to support TLSv1.3 - SAP Note 3318423

dan12
Explorer

Hi everyone,

We recently ran a security application to check for alerts and vulnerabilities in our VAR Solution Manager 7.2 SP 18. The report recommended enabling the TLSv1.3 protocol. According to SAP Note 3318423, this protocol is only supported in Kernel versions 793 and above (we're currently running Kernel 754 PL 300).

The note also mentions: "This note will be updated when a SAP Kernel patch becomes available, which adds support for the new protocol version TLSv1.3 to any SAP Kernel codelines prior to SAP Kernel 793."

Does anyone know when a patch will be released to support TLSv1.3 in SAP Kernel 754?

Thanks in advance!

Accepted Solutions (1)

Vera_Jiang
Product and Topic Expert

Dear Customer, 

If you wanted to know which older Netweaver Kernels (such as Netweaver 72x, Netweaver 74x or Netweaver 753/754 Kernels) support TLSv1.3 -- then the answer is that *NONE* of these Kernels and Netweaver Releases support the substantially backwards-incompatible protocol version TLSv1.3 at the moment!

The 793 STACK 100 Kernel was released a week ago, and it is essentially the very first Kernel which, in combination with CommonCryptoLib 8.5.56, can hopefully be configured to use TLSv1.3.
We hope to have found and fixed all problems in the 793 Kernel and in CommonCryptoLib 8 caused by the backwards-incompatible behavior of TLSv1.3.

There exist no material real-world security benefits from use of TLSv1.3 over the use of TLSv1.2 with PFS cipher suites using ECDHE key exchange (and TLSv1.3 produces a little more carbon dioxide for this).

Before considering a downport of all the necessary Kernel changes to cope with the backwards-incompatible TLSv1.3 behaviour into older Netweaver Kernels, we first have to gather interop experience from real-world usage of TLSv1.3.

Best regards,
SAP Security Team
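
Added example (not part of the original thread and not SAP code): one way to check from a client whether an endpoint accepts TLSv1.2 when only ECDHE (PFS) cipher suites are offered, which is the configuration the answer above compares with TLSv1.3. The function names and the placeholder host are assumptions of this example; the cipher names are the OpenSSL names that Python's `ssl` module reports.

```python
import socket
import ssl
import sys

def build_tls12_pfs_context():
    """Client context that offers only TLSv1.2 with ECDHE key exchange."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2
    # OpenSSL cipher string: ECDHE key exchange with AEAD ciphers only.
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20")
    return ctx

def classify(version, cipher_name):
    """Describe a negotiated (protocol, OpenSSL cipher name) pair."""
    if version == "TLSv1.3":
        return "TLSv1.3 (full handshakes use ephemeral (EC)DHE)"
    if version != "TLSv1.2":
        return "legacy protocol, below TLSv1.2"
    if cipher_name.startswith("ECDHE-"):
        return "TLSv1.2 with ECDHE (PFS)"
    if cipher_name.startswith("DHE-"):
        return "TLSv1.2 with DHE (PFS, but not ECDHE)"
    return "TLSv1.2 without PFS (static key exchange)"

def probe(host, port, timeout=5.0):
    """Return (version, cipher) if the ECDHE-only TLSv1.2 offer succeeds, else None."""
    ctx = build_tls12_pfs_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return tls.version(), tls.cipher()[0]
    except (ssl.SSLError, OSError) as exc:
        # Covers handshake refusal, certificate errors and network errors.
        print(f"connection failed: {exc}", file=sys.stderr)
        return None

if __name__ == "__main__":
    # Placeholder target; pass the real host and HTTPS port as arguments.
    host = sys.argv[1] if len(sys.argv) > 1 else "sap-host.example.invalid"
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 443
    result = probe(host, port)
    print(classify(*result) if result else "no result, see error above")
```

A `None` result means the connection or handshake failed; the error text distinguishes a refused cipher offer from a certificate or network problem.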

Neimhin
Product and Topic Expert

I would say the fact that TLS 1.3 handshakes can usually complete the handshake with 1 fewer round trip than in TLS 1.2 is a material benefit.

Answers (0)