ONTAP Discussions

SnapCreator 4.3 how to disable SSL Medium Strength Cipher


Security scan, ran on server where SCagent is running, found this vulnerability:



The remote service supports the use of medium strength SSL ciphers.

The remote host supports the use of SSL ciphers that offer medium strength encryption, which we currently regard as those with key lengths at least 56 bits and less than 112 bits.

Note: This is considerably easier to exploit if the attacker is on the same physical network.

Reconfigure the affected application if possible to avoid use of medium strength ciphers.

    Plugin Output
    Here is the list of medium strength SSL ciphers supported by the remote server :

      Medium Strength Ciphers (> 64-bit and < 112-bit key)

          EDH-RSA-DES-CBC3-SHA         Kx=DH          Au=RSA      Enc=3DES-CBC(168)        Mac=SHA1   
          ECDHE-RSA-DES-CBC3-SHA       Kx=ECDH        Au=RSA      Enc=3DES-CBC(168)        Mac=SHA1   
          DES-CBC3-SHA                 Kx=RSA         Au=RSA      Enc=3DES-CBC(168)        Mac=SHA1   


Where and how can I disable SSL Medium Strength Cipher? Is it on server where snap creator is running?


Re: SnapCreator 4.3 how to disable SSL Medium Strength Cipher


There is no provision to disable medium strength SSL ciphers in Snap Creator 4.3 release, but Snap Creator 4.3.1 has disabled the usage of these ciphers(like DES & 3DES).


Also, Snap Creator 4.3.1 has disabled TLSv1 protocol by default. To support backward compatibility, user can enable it by setting ENABLE_SECURITY_PROTOCOL_TLS_V1 parameter to Y in snapcreator.properties and agent.properties file.


User can upgrade Snap Creator to 4.3.1 release to avoid this kind of vulnerabilities.


View solution in original post

Earn Rewards for Your Review!
GPI Review Banner
All Community Forums