Skip to main content
NetApp Knowledge Base

How to disable SSLv2 and SSLv3 in SnapManager for SharePoint

  1. Last updated
  2. Save as PDF
Views:
472
Visibility:
Public
Votes:
3
Category:
snapmanager-for-microsoft-sharepoint
Specialty:
legacy
Last Updated:

 

Applies to

SnapManager for Microsoft SharePoint Ser 

Answer

Perform the following steps to disable SSL versions 2 and 3 for use by SnapManager for SharePoint (SMSP) to remove exposure to CVE-2014-3566, also known as POODLE.

How does CVE-2014-3566 affect SMSP?

The ideal candidate for this threat is content being accessed over public Wi-Fi or insecure networks. In this case, a man-in-the-middle attack is a potential risk, since communications over SSL between an end-user and software could expose user credentials, passwords, and other information. While this issue is not fundamentally with SMSP, it leverages Microsoft technology such as Internet Information Services (IIS) server and Microsoft Windows security provider which have SSLv3 and TLS enabled by default. The SMSP Manager-Agent or Agent-Agent communication will always negotiate communications over TLSv1 or later.

SnapManager for Microsoft SharePoint Ser


 Take the following precautionary measures to remove exposure to CVE-2014-3566:

  Note: SMSP Agents always communicate over TLS and are not subject to this vulnerability.

  • As an end-user, update Internet Explorer (IE) browser settings to disable SSL:
    1. Launch Internet Options from the Start Menu
    2. Click the Advanced tab
    3. Uncheck Use SSL 2.0 and Use SSL 3.0

SnapManager for Microsoft SharePoint Ser


How to disable SSL in SMOSS V6.x or earlier legacy software

For the Apache/Tomcat based platforms, modify the Tomcat settings on the SMOSS Manager server following these steps:

  1. Use the service management tool to 'stop' the Web Service.
  2. Edit the 'server.xml' document in the …\ZeusWeb\conf folder.
  3. Find the 'sslProtocol' flag, which is set to 'TLS' by default.
    Note: This setting also allows for SSLv3.
  4. Add the argument 'sslEnabledProtocols=”TLSv1”' as seen in the example below, to prevent SSL from being used.
    SnapManager for Microsoft SharePoint Ser
  5. Save the 'server.xml' file and change the file to 'read-only' to prevent other tools from modifying or reverting this change.
  6. Start the Web Service in the service management tool. 
  7. Test this configuration change by accessing the SMOSS management interface using a browser with only SSLv3 enabled - a successful result will be a failed connection.

Additional Information

N/A

 

Sign in to view the entire content of this KB article.

New to NetApp?

Learn more about our award-winning Support

NetApp provides no representations or warranties regarding the accuracy or reliability or serviceability of any information or recommendations provided in this publication or with respect to any results that may be obtained by the use of the information or observance of any recommendations provided herein. The information in this document is distributed AS IS and the use of this information or the implementation of any recommendations or techniques herein is a customer's responsibility and depends on the customer's ability to evaluate and integrate them into the customer's operational environment. This document and the information contained herein may be used solely in connection with the NetApp products discussed in this document.