SAP Knowledge Base Article - Preview

2628816 - SSL port failed in vulnerability scan - SAP ASE 15.5

Symptom

In ASE15.5, SSL port may be reported as 'Vulnerability' by some audit software if ASE is using the following weak ciphers,

1> sp_ssladmin setcipher, "Weak"

2> go

The following cipher suites and order of preference are set for SSL connections:

Cipher Suite Name                                                Preference

---------------------------------------------------------------- -----------

TLS_RSA_WITH_DES_CBC_SHA                                                      1

TLS_DHE_DSS_WITH_DES_CBC_SHA                                               2

TLS_DHE_RSA_WITH_DES_CBC_SHA                                               3

TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA                                   4

TLS_RSA_EXPORT1024_WITH_RC4_56_SHA                                      5

TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA                              6

TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA                            7

TLS_RSA_EXPORT_WITH_RC4_40_MD5                                             8

TLS_RSA_EXPORT_WITH_DES40_CBC_SHA                                        9

TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA                               10

TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA                                11


Read more...

Environment

  • SAP Adaptive Server Enterprise (ASE) 15.5

Product

Sybase Adaptive Server Enterprise 15.5

Keywords

ASE SSL, sp_ssladmin, weak, strong, TLS_RSA_WITH_DES_CBC_SHA , KBA , BC-SYB-ASE , Sybase ASE Database Platform (non Business Suite) , Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.