SAP Knowledge Base Article - Preview

2092630 - Turning off SSLv3 on SAP NETWEAVER AS ABAP and AS JAVA, and on SAP HANA XS


You are using client or server components communicating with SAP NetWeaver or SAP HANA servers over HTTPS, with the SSLv3 protocol turned on or allowed in your configuration.

As reported in CVE-2014-3566, a so called man-in-the-middle attack is possible, even if the newer protocol version TLS 1.0 is turned on or configured in addition to SSLv3.



SSLv3, CBC, TLS 1.0, POODLE, SSLv3 protocol, Vulnerability, COMMONCRYPTOLIB , SAPCRYPTOLIB ,ciphersuites , KBA , BC-SEC-SSL , Secure Sockets Layer Protocol , Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.