SAP and Poodle

Anyone hear of a response yet from SAP or news on this subject?

3 Answers

  • Former Member
    Oct 20, 2014 at 09:01 PM

    Hey Joshua,

    thanks for posting this, I am curious as well. I see SAP released this note:

    2067859 - Potential Exposure to Digital Signature Spoofing

    But it doesn't specifically mention POODLE. It is a very new note, though, and does involve updating CRYPTOLIB. What do you think, and have you heard anything new since posting this?

    NICK

  • Former Member
    Oct 20, 2014 at 09:40 PM

    Joshua,

    Also check out this thread:

    http://scn.sap.com/thread/3637528

    NICK

    • Nick, section 7 of this note is very useful.

      http://service.sap.com/sap/support/notes/510007

      Basically, it describes what version of SAPcrypto was compatible with TLS1.0.

      Now moving to another option: SAPCRYPTO PL28 and higher supports TLS1.0, so how in SAP can I set the webserver not to negotiate in SSL3.0 and use TLS1.0?

      This is the big question. Getting the firewall guys or client settings is too easy; I want to stop it at the source, which is the webserver.

  • Nov 11, 2014 at 03:58 PM

    Hi All,

    SAP have today published Notes on solving Poodle, they are explained here:

    Best regards,

    Andy.
