on 10-16-2014 2:11 PM
Anyone hear of a response yet from SAP or news on this subject?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Nick, This note section 7 is very useful.
\
http://service.sap.com/sap/support/notes/510007
Basically it describes what version of crypto was SAPcrypto was compatible with TLS1.0
Now moving to another option..so SAPCRYPTO PL28 and higher supports TLS1.0, how in SAP can I set the webserver not to negotiate in SSL3.0 and use TLS1.0.
This is the big question. Getting the firewall guys or clients settings is too easy, I want to stop it at the source which is the Webserver
Hey Joshua,
thanks for posting this, I am curious as well. I see SAP released this note:
2067859 - Potential Exposure to Digital Signature Spoofing
But it doesn't specifically mention POODLE. it is a very new note though and does involve updateing CRYPTOLIB. What do you think and have you heard anything new since posting this?
NICK
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
90 | |
10 | |
10 | |
10 | |
7 | |
7 | |
6 | |
5 | |
4 | |
3 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.