ONTAP Discussions

SnapCreator 4.3 how to disable SSL Medium Strength Cipher

milan_26
2,753 Views

Security scan, ran on server where SCagent is running, found this vulnerability:

 

***********************

Synopsis
The remote service supports the use of medium strength SSL ciphers.

Description
The remote host supports the use of SSL ciphers that offer medium strength encryption, which we currently regard as those with key lengths at least 56 bits and less than 112 bits.

Note: This is considerably easier to exploit if the attacker is on the same physical network.

Solution
Reconfigure the affected application if possible to avoid use of medium strength ciphers.

    Plugin Output
    Here is the list of medium strength SSL ciphers supported by the remote server :

      Medium Strength Ciphers (> 64-bit and < 112-bit key)

        TLSv1
          EDH-RSA-DES-CBC3-SHA         Kx=DH          Au=RSA      Enc=3DES-CBC(168)        Mac=SHA1   
          ECDHE-RSA-DES-CBC3-SHA       Kx=ECDH        Au=RSA      Enc=3DES-CBC(168)        Mac=SHA1   
          DES-CBC3-SHA                 Kx=RSA         Au=RSA      Enc=3DES-CBC(168)        Mac=SHA1   
***************

 

Where and how can I disable SSL Medium Strength Cipher? Is it on server where snap creator is running?
  

1 ACCEPTED SOLUTION

Naina
2,708 Views

There is no provision to disable medium strength SSL ciphers in Snap Creator 4.3 release, but Snap Creator 4.3.1 has disabled the usage of these ciphers(like DES & 3DES).

 

Also, Snap Creator 4.3.1 has disabled TLSv1 protocol by default. To support backward compatibility, user can enable it by setting ENABLE_SECURITY_PROTOCOL_TLS_V1 parameter to Y in snapcreator.properties and agent.properties file.

 

User can upgrade Snap Creator to 4.3.1 release to avoid this kind of vulnerabilities.

 

View solution in original post

1 REPLY 1

Naina
2,709 Views

There is no provision to disable medium strength SSL ciphers in Snap Creator 4.3 release, but Snap Creator 4.3.1 has disabled the usage of these ciphers(like DES & 3DES).

 

Also, Snap Creator 4.3.1 has disabled TLSv1 protocol by default. To support backward compatibility, user can enable it by setting ENABLE_SECURITY_PROTOCOL_TLS_V1 parameter to Y in snapcreator.properties and agent.properties file.

 

User can upgrade Snap Creator to 4.3.1 release to avoid this kind of vulnerabilities.

 

Public