We have many systems using SAP SNC. All SPN's are added to keytab files and in general this is working fine. Some clients seems to use an unsupported cipher (DH), but how to find out for which SAP SID or users use an unsupported cipher?
Output from sncdecr status:
Cipher suite diagnostic:
Well know ciphers:
Well know mechanisms:
I cannot find any solution on the probe or in the reports for this. Any suggestion anyone?
Solved! Go to Solution.
"find out which SAP SID or users use an unsupported cipher" is catch-22: you can't get to know SID and user name without decryption.
Use "sncdecr status alll" to get more information on servers for which DH is enabled. Since encryption is typically configure per server, that should suffice.
Hope this helps
The difficulty is that we are using a SAP Router. Meaning all traffic is to one server only, so I am unable to tell the difference from the "sncdecr status all" command.
I was hoping there would be a way to identify the user or client IP address that is using the unsupported cipher. Would that be possible you think?
If router is involved, that's not possible with the current version. But it will be possible in one of upcoming updates to release 2019 (yes we plan updates already, even though 2019 GA is a month away:-)
In the mean time, you may open a Support call with this request, development may be able to provide you with a custom AMD build with that new feature added for testing/debug in your environment (assuming AMDs you have are not too old).