Skip to main content

NetApp_Insight_2020.png 

NetApp Knowledgebase

How to disable SSLv2 and SSLv3 in SnapManager for SharePoint

Views:
104
Visibility:
Public
Votes:
0
Category:
snapmanager-for-microsoft-sharepoint
Specialty:
snapx
Last Updated:

 

Applies to

SnapManager for Microsoft SharePoint Ser 

Answer

Perform the following steps to disable SSL versions 2 and 3 for use by SnapManager for SharePoint (SMSP) to remove exposure to CVE-2014-3566, also known as POODLE.

How does CVE-2014-3566 affect SMSP?

The ideal candidate for this threat is content being accessed over public Wi-Fi or insecure networks. In this case, a man-in-the-middle attack is a potential risk, since communications over SSL between an end-user and software could expose user credentials, passwords, and other information. While this issue is not fundamentally with SMSP, it leverages Microsoft technology such as Internet Information Services (IIS) server and Microsoft Windows security provider which have SSLv3 and TLS enabled by default. The SMSP Manager-Agent or Agent-Agent communication will always negotiate communications over TLSv1 or later.

1002241-1.png


 Take the following precautionary measures to remove exposure to CVE-2014-3566:

  Note: SMSP Agents always communicate over TLS and are not subject to this vulnerability.

  • As an end-user, update Internet Explorer (IE) browser settings to disable SSL:
    1. Launch Internet Options from the Start Menu
    2. Click the Advanced tab
    3. Uncheck Use SSL 2.0 and Use SSL 3.0

1002241-2.png


How to disable SSL in SMOSS V6.x or earlier legacy software

For the Apache/Tomcat based platforms, modify the Tomcat settings on the SMOSS Manager server following these steps:

  1. Use the service management tool to 'stop' the Web Service.
  2. Edit the 'server.xml' document in the …\ZeusWeb\conf folder.
  3. Find the 'sslProtocol' flag, which is set to 'TLS' by default.
    Note: This setting also allows for SSLv3.
  4. Add the argument 'sslEnabledProtocols=”TLSv1”' as seen in the example below, to prevent SSL from being used.
    1002241-3.png
  5. Save the 'server.xml' file and change the file to 'read-only' to prevent other tools from modifying or reverting this change.
  6. Start the Web Service in the service management tool. 
  7. Test this configuration change by accessing the SMOSS management interface using a browser with only SSLv3 enabled - a successful result will be a failed connection.

Additional Information

N/A

 

CUSTOMER EXCLUSIVE CONTENT

Registered NetApp customers get unlimited access to our dynamic Knowledge Base.

New authoritative content is published and updated each day by our team of experts.

Current Customer or Partner?

Sign In for unlimited access

New to NetApp?

Learn more about our award-winning Support