Channel: SCN: Message List

Mitigating POODLE - Disable SSLv3/use only TLS


All,

 

It seems there are presently a few discussions on how to mitigate POODLE, but they are fragmented and incomplete.  For the sake of this discussion, I'd like to disable all SSLv3 on AS ABAP and AS Java.  Vulnerability scans have turned up the following ports:

 

5XX14 - HTTPS Start Service

443XX - HTTPS for ABAP ICM

5XX01 - HTTPS Dispatcher for Java

 

In Netweaver 7.0, AS Java, disabling SSLv3 is pretty simple.  You use Visual Administrator --> Server --> Services --> SSL Provider --> Select a Dispatcher --> Cipher Suites... then get rid of any options that start with "SSL".  Since there is no Visual Administrator in NW 7.3, I have not been able to figure out how to disable SSLv3 on AS Java for NW 7.3.

 

In summary, I'd like suggestions on how to disable SSLv3 (only run TLS) on the following platforms:

 

  • AS ABAP HTTPS ICM (Netweaver 7.0)
  • AS ABAP HTTPS ICM (Netweaver 7.3)
  • AS JAVA HTTPS Dispatcher (Netweaver 7.3)
  • HTTPS Start Service (TCP Port 5XX14)

 

I look forward to your thoughts.

