Quantcast
Channel: SCN : Discussion List - Security
Viewing all articles
Browse latest Browse all 2353

Mitigating POODLE - Disable SSLv3/use only TLS

$
0
0

All,

 

It seems there are presently a few discussions on how to mitigate POODLE, but they are fragmented and incomplete.  For the sake of this discussion, I'd like to disable all SSLv3 on AS ABAP and AS Java.  Vulnerability scans have turned up the following ports:

 

5XX14 - HTTPS Start Service

443XX - HTTPS for ABAP ICM

5XX01 - HTTPS Dispatcher for Java

 

In summary, I'd like suggestions on how to disable SSLv3 (only run TLS) on the following platforms:

 

  • AS ABAP HTTPS ICM (Netweaver 7.0)
  • AS ABAP HTTPS ICM (Netweaver 7.3)
  • AS JAVA HTTPS Dispatcher (Netweaver 7.3)
  • AS JAVA HTTPS Dispatcher (Netweaver 7.0)
  • HTTPS Start Service (TCP Port 5XX14)

 

I look forward to your thoughts.

 

POODLE Discussion threads I have found:

 

SAP and Poodle

Question: Security Threat OSS Note 2067859

 

Relevant OSS Notes I've seen Discussed:

510007


Viewing all articles
Browse latest Browse all 2353

Trending Articles



<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>