topic SnapCreator 4.3 how to disable SSL Medium Strength Cipher in ONTAP Discussions https://community.netapp.com/t5/ONTAP-Discussions/SnapCreator-4-3-how-to-disable-SSL-Medium-Strength-Cipher/m-p/126457#M27304 <P>Security scan, ran on server where SCagent is running, found this vulnerability:</P><P>&nbsp;</P><P>***********************</P><P>Synopsis<BR />The remote service supports the use of medium strength SSL ciphers.<BR /><BR />Description<BR />The remote host supports the use of SSL ciphers that offer medium strength encryption, which we currently regard as those with key lengths at least 56 bits and less than 112 bits.<BR /><BR />Note: This is considerably easier to exploit if the attacker is on the same physical network.<BR /><BR />Solution<BR />Reconfigure the affected application if possible to avoid use of medium strength ciphers.<BR /><BR />&nbsp;&nbsp;&nbsp; Plugin Output<BR />&nbsp;&nbsp;&nbsp; Here is the list of medium strength SSL ciphers supported by the remote server :<BR /><BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Medium Strength Ciphers (&gt; 64-bit and &lt; 112-bit key)<BR /><BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; TLSv1<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; EDH-RSA-DES-CBC3-SHA&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Kx=DH&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Au=RSA&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Enc=3DES-CBC(168)&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Mac=SHA1&nbsp; &nbsp;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; ECDHE-RSA-DES-CBC3-SHA&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Kx=ECDH&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Au=RSA&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Enc=3DES-CBC(168)&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Mac=SHA1&nbsp; &nbsp;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; DES-CBC3-SHA&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Kx=RSA&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Au=RSA&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Enc=3DES-CBC(168)&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Mac=SHA1&nbsp; &nbsp;<BR />***************</P><P>&nbsp;</P><P>Where and how can I disable SSL Medium Strength Cipher? Is it on server where snap creator is running?<BR />&nbsp;&nbsp;</P> Wed, 04 Jun 2025 18:04:11 GMT milan_26 2025-06-04T18:04:11Z SnapCreator 4.3 how to disable SSL Medium Strength Cipher https://community.netapp.com/t5/ONTAP-Discussions/SnapCreator-4-3-how-to-disable-SSL-Medium-Strength-Cipher/m-p/126457#M27304 <P>Security scan, ran on server where SCagent is running, found this vulnerability:</P><P>&nbsp;</P><P>***********************</P><P>Synopsis<BR />The remote service supports the use of medium strength SSL ciphers.<BR /><BR />Description<BR />The remote host supports the use of SSL ciphers that offer medium strength encryption, which we currently regard as those with key lengths at least 56 bits and less than 112 bits.<BR /><BR />Note: This is considerably easier to exploit if the attacker is on the same physical network.<BR /><BR />Solution<BR />Reconfigure the affected application if possible to avoid use of medium strength ciphers.<BR /><BR />&nbsp;&nbsp;&nbsp; Plugin Output<BR />&nbsp;&nbsp;&nbsp; Here is the list of medium strength SSL ciphers supported by the remote server :<BR /><BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Medium Strength Ciphers (&gt; 64-bit and &lt; 112-bit key)<BR /><BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; TLSv1<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; EDH-RSA-DES-CBC3-SHA&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Kx=DH&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Au=RSA&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Enc=3DES-CBC(168)&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Mac=SHA1&nbsp; &nbsp;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; ECDHE-RSA-DES-CBC3-SHA&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Kx=ECDH&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Au=RSA&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Enc=3DES-CBC(168)&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Mac=SHA1&nbsp; &nbsp;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; DES-CBC3-SHA&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Kx=RSA&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Au=RSA&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Enc=3DES-CBC(168)&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Mac=SHA1&nbsp; &nbsp;<BR />***************</P><P>&nbsp;</P><P>Where and how can I disable SSL Medium Strength Cipher? Is it on server where snap creator is running?<BR />&nbsp;&nbsp;</P> Wed, 04 Jun 2025 18:04:11 GMT https://community.netapp.com/t5/ONTAP-Discussions/SnapCreator-4-3-how-to-disable-SSL-Medium-Strength-Cipher/m-p/126457#M27304 milan_26 2025-06-04T18:04:11Z Re: SnapCreator 4.3 how to disable SSL Medium Strength Cipher https://community.netapp.com/t5/ONTAP-Discussions/SnapCreator-4-3-how-to-disable-SSL-Medium-Strength-Cipher/m-p/126499#M27318 <P><SPAN>There is no provision to disable medium strength SSL ciphers in Snap Creator 4.3 release, but Snap Creator 4.3.1 has disabled the usage of these&nbsp;ciphers(like DES &amp; 3DES).</SPAN></P><P><SPAN>&nbsp;</SPAN></P><P><SPAN>Also, Snap Creator 4.3.1 has disabled TLSv1 protocol by default. To support backward compatibility, user can enable it by setting&nbsp;ENABLE_SECURITY_PROTOCOL_TLS_V1 parameter to Y in snapcreator.properties and agent.properties file.</SPAN></P><P>&nbsp;</P><P><SPAN>User can upgrade Snap Creator to 4.3.1 release to avoid this kind of vulnerabilities.</SPAN></P><P>&nbsp;</P> Thu, 22 Dec 2016 13:22:03 GMT https://community.netapp.com/t5/ONTAP-Discussions/SnapCreator-4-3-how-to-disable-SSL-Medium-Strength-Cipher/m-p/126499#M27318 Naina 2016-12-22T13:22:03Z