SAP Knowledge Base Article - Preview

3299455 - Weak SSL/TLS Key Exchange


  • You found vulnerabilities for Weak SSL/TLS Key Exchange
  • Impact - An attacker with access to sufficient computational power might be able to recover the session key and decrypt session content.
  • Threat - """QID Detection Logic:
    For a SSL enabled port, the scanner probes and maintains a list of supported SSL/TLS versions. For each supported version, the scanner does a SSL handshake to get a list of KEX methods supported by the server. It reports all KEX methods that are considered weak. The criteria of a weak KEX method is as follows: The SSL/TLS server supports key exchanges that are cryptographically weaker than recommended. Key exchanges should provide at least 112 bits of security, which translates to a minimum key size of 2048 bits for Diffie Hellman and RSA key exchanges or 224 bits for Elliptic Curve Diffie Hellman key exchanges."""
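
To confirm such a finding independently, the thresholds in the detection logic can be applied to the output of `openssl s_client`. The following is an added example, not part of the SAP article or the scanner: the transcripts are constructed, and the `Temp Key` and `Server public key is` line formats, as well as treating a handshake without a temp key as static RSA, are assumptions.

```python
import re

# Minimum key sizes stated in the detection logic above.
MIN_BITS = {"DH": 2048, "RSA": 2048, "ECDH": 224}

# Assumed s_client line formats (the label may read "Server" or "Peer").
TEMP_KEY = re.compile(r"^(?:Server|Peer) Temp Key: (.+?), (\d+) bits\s*$", re.M)
PUBLIC_KEY = re.compile(r"^Server public key is (\d+) bit\s*$", re.M)


def classify_kex(transcript):
    """Return (family, bits, is_weak) for one `openssl s_client` transcript."""
    m = TEMP_KEY.search(transcript)
    if m:
        # Ephemeral exchange: "DH" is finite-field, any other name is a curve.
        name = m.group(1).split(",")[0].strip()
        family = "DH" if name == "DH" else "ECDH"
        bits = int(m.group(2))
    else:
        # No temp key line: assume static RSA key exchange, where the
        # certificate key itself protects the session key.
        m = PUBLIC_KEY.search(transcript)
        if m is None:
            raise ValueError("no key exchange information in transcript")
        family, bits = "RSA", int(m.group(1))
    return family, bits, bits < MIN_BITS[family]


# Constructed transcript excerpts, one per handshake outcome.
SAMPLES = {
    "dhe-1024": "Server Temp Key: DH, 1024 bits\nServer public key is 2048 bit\n",
    "dhe-2048": "Server Temp Key: DH, 2048 bits\nServer public key is 2048 bit\n",
    "ecdhe-p256": "Server Temp Key: ECDH, P-256, 256 bits\nServer public key is 2048 bit\n",
    "x25519": "Server Temp Key: X25519, 253 bits\nServer public key is 2048 bit\n",
    "rsa-1024": "New, TLSv1.2, Cipher is AES128-SHA\nServer public key is 1024 bit\n",
}


def weak_findings(samples):
    """Names of the samples whose key exchange is below the stated minimum."""
    return sorted(n for n, t in samples.items() if classify_kex(t)[2])


if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(name, classify_kex(text))
```

Run the check once per protocol version and cipher suite the server accepts, since a single handshake only shows the key exchange that was negotiated.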



SAP UME by Knoa All versions


KBA , XX-PART-KNO , Knoa Experience and Performance Manager , Problem
