For recommended values, please check SAP Note 510007 and SAP Note 2384290
sapgenpse tlsinfo [options] <TLS configuration>
sapgenpse tlsinfo HIGH:MEDIUM:+e3DES
Running in server mode
Configured protocol versions:
TLSv1.0, TLSv1.1, TLSv1.2
Enabled cipher suites:
TLS_RSA_WITH_AES128_GCM_SHA256
TLS_RSA_WITH_AES256_GCM_SHA384
TLS_RSA_WITH_AES128_CBC_SHA
TLS_RSA_WITH_AES256_CBC_SHA
TLS_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_RC4_128_MD5
TLS_RSA_WITH_3DES_EDE_CBC_SHA
(!)Elliptic curves were disabled by cipher suite configuration
(!)As no ECC cipher suites were enabled, elliptic curves will not be used with this configuration
Other options:
TLS version fallback protection support OFF
Enabled cipher suites:
TLS_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_RC4_128_MD5
TLS_RSA_WITH_AES128_GCM_SHA256
TLS_RSA_WITH_AES256_GCM_SHA384
TLS_RSA_WITH_AES128_CBC_SHA
TLS_RSA_WITH_AES256_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
Running in server mode
Configured protocol versions:
TLSv1.0
Enabled cipher suites:
TLS_RSA_WITH_AES128_CBC_SHA
TLS_RSA_WITH_AES256_CBC_SHA
TLS_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_RC4_128_MD5
TLS_RSA_WITH_3DES_EDE_CBC_SHA
(!)Elliptic curves were disabled by cipher suite configuration
(!)As no ECC cipher suites were enabled, elliptic curves will not be used with this configuration
Other options:
TLS version fallback protection support OFF
Running in server mode
Configured protocol versions:
TLSv1.0, TLSv1.1
Enabled cipher suites:
TLS_RSA_WITH_AES128_CBC_SHA
TLS_RSA_WITH_AES256_CBC_SHA
TLS_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_RC4_128_MD5
TLS_RSA_WITH_3DES_EDE_CBC_SHA
(!)Elliptic curves were disabled by cipher suite configuration
(!)As no ECC cipher suites were enabled, elliptic curves will not be used with this configuration
Other options:
TLS version fallback protection support OFF
sapgenpse tlsinfo 288:HIGH:MEDIUM:+e3DES
Running in server mode
Configured protocol versions:
TLSv1.1 (Strict Protocol Version Mode)
Enabled cipher suites:
TLS_RSA_WITH_AES128_CBC_SHA
TLS_RSA_WITH_AES256_CBC_SHA
TLS_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_RC4_128_MD5
TLS_RSA_WITH_3DES_EDE_CBC_SHA
(!)Elliptic curves were disabled by cipher suite configuration
(!)As no ECC cipher suites were enabled, elliptic curves will not be used with this configuration
Other options:
TLS version fallback protection support OFF
To check all cipher suites in the HIGH category, the following command is used: "sapgenpse tlsinfo HIGH"
Enabled cipher suites:
TLS_RSA_WITH_AES128_GCM_SHA256
TLS_RSA_WITH_AES256_GCM_SHA384
TLS_RSA_WITH_AES128_CBC_SHA
TLS_RSA_WITH_AES256_CBC_SHA
(!)Elliptic curves were disabled by cipher suite configuration
(!)As no ECC cipher suites were enabled, elliptic curves will not be used with this configuration
Cipher suite configuration strings:
DEFAULT : Default cipher suites (HIGH:PFS:!aNULL:!eNULL) - must be first key word
ALL : All supported cipher suites
PFS : Perfect forward secrecy: key agreement with ephemeral keys
HIGH : High security cipher suites (except PFS)
MEDIUM : Medium security cipher suites
kRSA : Cipher suites which use RSA key and certificate for key exchange
kECDHE : Cipher suites which use ephemeral ECDH key for key agreement
aRSA : Cipher suites requiring RSA certificate for server authentication
aECDSA : Cipher suites requiring ECDSA certificate for server authentication
eDES : 64 bit DES data encryption cipher suites
e3DES : 192 bit 3DES data encryption cipher suites
eRC4 : RC4 data encryption cipher suites
eRC2 : RC2 data encryption cipher suites
eAES : AES data encryption cipher suites
eAES_CBC : AES in CBC mode data encryption cipher suites
eAES_GCM : AES in GCM mode data encryption cipher suites
eAES128 : AES 128 bit data encryption cipher suites
eAES256 : AES 256 bit data encryption cipher suites
eAES128_CBC : AES 128 bit in CBC mode data encryption cipher suites
eAES256_CBC : AES 256 bit in CBC mode data encryption cipher suites
eAES128_GCM : AES 128 bit in GCM mode data encryption cipher suites
eAES256_GCM : AES 256 bit in GCM mode data encryption cipher suites
mMD5 : MD5 data protection cipher suites
mSHA1 : SHA1 data protection cipher suites
mSHA2 : SHA2 (SHA256/SHA384) data protection cipher suites
mSHA384 : SHA384 data protection cipher suites
mAEAD : Cipher suites using authenticated encryption with associated data
eNULL : Cipher suites without data encryption. Use for test purposes only
Option control key words:
TLS_FALLBACK_SCSV : Enable server support for TLS version downgrade protection
Elliptic curve configuration strings:
EC_DEFAULT : Default elliptic curves (EC_HIGH:EC_MEDIUM)
EC_ALL : All supported elliptic curves
EC_HIGH : High security elliptic curves
EC_MEDIUM : Medium security elliptic curves
EC_LOW : Low security elliptic curves
EC_NIST : NIST standardized elliptic curves, recommended in Suite B
EC_OPT : Optimize performance of previously defined elliptic curves, only valid with the '+' operator (+EC_OPT)
sapgenpse tlsinfo HIGH:!eAES256_CBC
Enabled cipher suites:
TLS_RSA_WITH_AES128_GCM_SHA256
TLS_RSA_WITH_AES256_GCM_SHA384
TLS_RSA_WITH_AES128_CBC_SHA
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
33 | |
13 | |
11 | |
10 | |
9 | |
9 | |
9 | |
9 | |
8 | |
8 |