SAP Knowledge Base Article - Preview

3255354 - AS Java Security Vulnerability - Weak cipher suites and TLS version

Symptom

A third-party security scan tool reports that AS Java has weak TLS/SSL versions and weak cipher suites enabled. Example alerts:

  • SSLv3.0/TLSv1.0 Protocol Weak CBC Mode Server Side Vulnerability (BEAST)
  • Birthday attacks against TLS ciphers with 64bit block size vulnerability (Sweet32)
  • SSL/TLS Server supports TLSv1.0
  • SSL/TLS use of weak RC4(Arcfour) cipher
  • Host is Vulnerable to Extended Master Secret TLS Extension (TLS triple handshake)
  • TLS/SSL Server Does Not Support Any Strong Cipher Algorithms
  • No common SSL cipher suite with SSL client
  • SSL API error
  • etc.



Environment

SAP NetWeaver Application Server Java all versions

Product

SAP Java Virtual Machine all versions; SAP NetWeaver Application Server for Java all versions; SAP NetWeaver all versions

Keywords

Nessus, VASCan, KBA, BC-SEC-SSL, Secure Sockets Layer Protocol, BC-JAS-SEC, Security, User Management, BC-JAS-SEC-CPG, Cryptography, Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).
