on 2024 Dec 10 4:01 AM
I need help on how to remediate a system vulnerability reported by our VA tool. It is related to TLS. The steps suggested by the tool are very general and not specific to an SAP ECC on SUSE Linux environment. Please find the attached file for the detailed vulnerability.
Regards,
Zaharah
I can provide a general approach to addressing TLS vulnerabilities in such an environment. Here are the steps you can follow:
Review the Vulnerability Report: Carefully read the vulnerability report generated by your VA tool. Identify the specific TLS-related issues, such as weak ciphers, outdated protocols, or misconfigurations.
Update OpenSSL: Ensure that OpenSSL is up-to-date on your SUSE Linux system. You can update OpenSSL using the following commands:
    sudo zypper refresh
    sudo zypper update openssl
Configure Strong Ciphers and Protocols:
    [system_default_sect]
    MinProtocol = TLSv1.2
    CipherString = DEFAULT@SECLEVEL=2
Update SAP Profile Parameters:
    ssl/ciphersuites = 135:PFS:HIGH::EC_P256:EC_HIGH
    ssl/client_ciphersuites = 150:PFS:HIGH::EC_P256:EC_HIGH
    ssl/protocols = !SSLv2:!SSLv3:TLSv1.2:TLSv1.3
Restart SAP Services: After making the necessary changes, restart the SAP services to apply the new configurations. You can do this using the following commands:
    sudo su - <sidadm>
    stopsap
    startsap
Verify the Configuration: Use tools like openssl s_client or online SSL/TLS testing services to verify that the changes have been applied correctly and that the system is no longer vulnerable.
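An added example, not part of the original answer: a small audit of the OpenSSL settings shown above. It also checks that the `[system_default_sect]` section is actually reachable through the `openssl_conf` → `ssl_conf` → `system_default` chain, because a section that nothing points to is silently ignored. The two sample configurations are constructed for illustration.

```python
import re

PROTO_RANK = {"SSLv3": 0, "TLSv1": 1, "TLSv1.1": 2, "TLSv1.2": 3, "TLSv1.3": 4}

def parse_cnf(text):
    """Parse openssl.cnf-style text into {section: {key: value}}; '' is the top level."""
    sections, current = {"": {}}, ""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        m = re.fullmatch(r"\[\s*(\S+)\s*\]", line)
        if m:
            current = m.group(1)
            sections.setdefault(current, {})
        elif "=" in line:
            key, value = (p.strip() for p in line.split("=", 1))
            sections[current][key] = value
    return sections

def audit(text):
    """Return a list of findings; an empty list means the settings above are in effect."""
    cnf = parse_cnf(text)
    # Follow openssl_conf -> ssl_conf -> system_default to the section libssl loads.
    name = cnf[""].get("openssl_conf")
    for key in ("ssl_conf", "system_default"):
        name = cnf.get(name, {}).get(key) if name else None
    if not name or name not in cnf:
        return ["system defaults section is not reachable from openssl_conf"]
    sect, findings = cnf[name], []
    proto = sect.get("MinProtocol")
    if PROTO_RANK.get(proto, -1) < PROTO_RANK["TLSv1.2"]:
        findings.append(f"MinProtocol is {proto}, expected TLSv1.2 or higher")
    level = re.search(r"@SECLEVEL=(\d+)", sect.get("CipherString", ""))
    if not level or int(level.group(1)) < 2:
        findings.append("CipherString does not set @SECLEVEL=2 or higher")
    return findings

# Constructed sample: the section exists but nothing points at it.
UNWIRED = "[system_default_sect]\nMinProtocol = TLSv1.2\nCipherString = DEFAULT@SECLEVEL=2\n"
# Constructed sample: the same section, wired in from the top level.
WIRED = ("openssl_conf = openssl_init\n[openssl_init]\nssl_conf = ssl_sect\n"
         "[ssl_sect]\nsystem_default = system_default_sect\n" + UNWIRED)

if __name__ == "__main__":
    for label, text in (("unwired", UNWIRED), ("wired", WIRED)):
        print(label, audit(text) or "OK")
```

To audit a real system, pass the contents of its OpenSSL configuration file to `audit()`. The SAP profile parameters are not covered by this check.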