2398525 - Diffie-Hellman-group1-sha1 KEX protocol and SAP/SuccessFactors SFTP?

SAP Knowledge Base Article - Public

2398525 - Diffie-Hellman-group1-sha1 KEX protocol and SAP/SuccessFactors SFTP?

Symptom

Is Diffie-Hellman-group1-sha1 KEX protocol compatible with SAP/SuccessFactors SFTP?

Resolution

No, it is not compatible.

The Diffie-Hellman-group1-sha1 KEX for SFTP is disabled by default to protect against the LOGJAM attack. Enabling the Diffie-Hellman-group1-sha1" KEX (with the LOGJAM vulnerability) will cause EFT to be non-compliant in PCI DSS v3.1 compliance scans.

We can't override the protection and enable the Diffie-Hellman-group1-sha1 KEX for SFTP to allow client compatibility (at the expense of being vulnerable to the LOGJAM attack and being non-compliant with PCI DSS v3.1 and later).

Keywords

Diffie-Hellman-group1-sha1 KEX, SFTP, FTP protocol , KBA , LOD-SF-PLT-SFTP , LOD-SF-PLT-SFTP , How To

Product

SAP SuccessFactors HCM Core 1511 ; SAP SuccessFactors HCM Core 1602 ; SAP SuccessFactors HCM Core 1605 ; SAP SuccessFactors HCM Core 1608 ; SAP SuccessFactors HCM Core 1611 ; SAP SuccessFactors HCM Core 1702 ; SAP SuccessFactors HCM Core 1705 ; SAP SuccessFactors HCM Core 1708 ; SuccessFactors HCM Core 1207 ; SuccessFactors HCM Core 1210 ; SuccessFactors HCM Core 1302 ; SuccessFactors HCM Core 1305 ; SuccessFactors HCM Core 1308 ; SuccessFactors HCM Core 1311 ; SuccessFactors HCM Core 1402 ; SuccessFactors HCM Core 1405 ; SuccessFactors HCM Core 1408 ; SuccessFactors HCM Core 1411 ; SuccessFactors HCM Core 1502 ; SuccessFactors HCM Core 1505 ; SuccessFactors HCM Core 1508