Administrator

Configuring TLS Protocol Versions and Cipher Suites for HTTPS Connections

You can configure the list of supported Transport Layer Security (TLS) protocol versions, and the supported cipher suites, which are used to negotiate the security settings for network connections that use TLS.

Context

By default, SAP Mobile Platform Server supports only TLSv1.2 for HTTPS connections, except to the Admin port (8083); these connections support TLSv1.2, TLSv1.1, and TLSv1.

Procedure

  1. To add supported TLS protocol versions, edit the ./Server/config_master/org.eclipse.gemini.web.tomcat/default-server.xml file, and append a comma-separated list to the sslEnabledProtocols property, for example:
    sslEnabledProtocols="TLSv1.2,TLSv1.1,TLSv1"
  2. To add supported cipher suites, append a comma-separated list to the ciphers property.
    By default, the server supports these cipher suites:
    • TLS_RSA_WITH_AES_128_CBC_SHA

    • TLS_DHE_RSA_WITH_AES_128_CBC_SHA

    • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA