cancel
Showing results for 
Search instead for 
Did you mean: 

How to check inbound HTTP(s) traffic is secure enough to PI

helmut_skolaut3
Active Participant
0 Kudos

Hi community

I have read carefully the blog about TLS:
https://blogs.sap.com/2021/06/09/sap-po-tls-and-ciphers-an-overview/

I am now wondering, how i find out how many inbound partner connections i have that are still using HTTP or HTTPS with TLS 1.0 in order trigger the partner to change to a more secure type of connection. This question would also imply that i am wondering which cipher has been used between SAP PI and my partners.

I want to decommission all unsecure connections, but by just disabling them, it could produce a massive business interruption - so i want to ask all the partners that have still clients using a weak security to make tests on or Test System first before deactivating http, TLS 1.0 or weak ciphers in production.

I am interested in getting your best practices on that.

BR Helmut

Accepted Solutions (1)

Accepted Solutions (1)

alex_bundschuh
Product and Topic Expert
Product and Topic Expert
0 Kudos

Hi Helmut,

just have double checked with the admin of our internal systems, you can actually define user defined http logging including the TLS version and cipher suite, see SAP note https://launchpad.support.sap.com/#/notes/2379540

Alex

Answers (2)

Answers (2)

martinbindner
Explorer
0 Kudos

Hi Helmut,

Just wanted to make you aware that there is also a commercial tool, called UDO, which provides these kinds of analysis e.g. showing the ciphers and expiry dates:

And for Communication Channels it has a feature to show secure channels:

I am an employee of the company which develops the UDO solution.

BR Martin

helmut_skolaut3
Active Participant
0 Kudos

Hi Alex,

thanks for this very cool hint. I have activated it on our development system already and it works as expected, I will use it in our production environment after the holidays 😉 BTW - happy holidays to you!

One additional question, Alex - is there a way to get a merged perspective which HTTP services are consumed? I have found the in the logs the information but if there is a standard way to merge the data i don't have to create a script for it:

BR Helmut