cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SAP and Poodle

former_member206857
Active Participant

on ‎10-16-2014 2:11 PM

0 Kudos

Anyone hear of a response yet from SAP or news on this subject?

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (3)

Answers (3)

petr_solberg
Active Contributor
‎11-11-2014 3:58 PM
0 Kudos

Hi All,

SAP have today published Notes on solving Poodle, they are explained here:

    

Best regards,

Andy.

Show replies
Show replies
Former Member
‎10-20-2014 10:40 PM
0 Kudos

Joshua,

Also check out this thread:

http://scn.sap.com/thread/3637528

NICK

Show replies
Show replies
former_member206857
Active Participant
‎10-21-2014 2:13 PM
0 Kudos

Nick, This note section 7 is very useful.

\

http://service.sap.com/sap/support/notes/510007

Basically it describes what version of crypto was SAPcrypto was compatible with TLS1.0

Now moving to another option..so SAPCRYPTO PL28 and higher supports TLS1.0, how in SAP can I set the webserver not to negotiate in SSL3.0 and use TLS1.0.

This is the big question. Getting the firewall guys or clients settings is too easy, I want to stop it at the source which is the Webserver

Former Member
‎10-20-2014 10:01 PM
0 Kudos

Hey Joshua,

thanks for posting this, I am curious as well.  I see SAP released this note:

2067859 - Potential Exposure to Digital Signature Spoofing

But it doesn't specifically mention POODLE.  it is a very new note though and does involve updateing CRYPTOLIB.  What do you think and have you heard anything new since posting this?

NICK

Show replies
Show replies
Ask a Question