Usage Note 54376: Disabling Secure Sockets Layer (SSL) 3.0 in SAS® Web Server, SAS® Web Application Server, and SAS® Environment Manager Server
If you configure SAS Web Server, SAS Web Application Server, or SAS Environment Manager Server for HTTPS, Secure Sockets Layer (SSL) 3.0 is enabled by default. SSL 3.0 has the POODLE vulnerability that is described in these documents:
To disable SSL 3.0 in these servers, follow the steps below.
SAS® Web Server
-
Open the httpd-ssl.conf file that resides in the conf/extra directory under the SAS Web Server directory.
- Specify -SSLv3 in the SSLProcotol directive, as shown below:
SSLProtocol all -SSLv2 -SSLv3
-
Then restart the server.
Note: As of revision 94_14w47 for the second maintenance release of SAS
® 9.4 (TS1M2),
-SSLv3 is specified as shown above by default.
SAS® Web Application Server
-
Open the server.xml file that resides in the conf directory under the directory for each SAS Web Application Server instance.
- In that file, specify the sslProtocols parameter in the <Connector> element that specifies SSLEnabled="true":
<Connector ... sslProtocol="TLS" sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2"/>
- Then restart the server.
SAS® Environment Manager Server
-
Open the server.xml file that resides in the server-5.0.0-EE/hq-engine/hq-server/conf directory under the SAS Environment Manager directory.
- Specify the sslProtocols parameter in the <Connector> element that specifies SSLEnabled="true":
<Connector ... sslProtocols="TLSv1,TLSv1.1,TLSv1.2"/>
-
Then restart the server.
Note: As of revision 94_14w47 for SAS 9.4 TS1M2, the sslProtocols parameter is specified as shown above by default.
Operating System and Release Information
| SAS System | SAS Web Server | Microsoft® Windows® for x64 | 9.4 | | 9.4 TS1M0 | |
| 64-bit Enabled AIX | 9.4 | | 9.4 TS1M0 | |
| 64-bit Enabled Solaris | 9.4 | | 9.4 TS1M0 | |
| HP-UX IPF | 9.4 | | 9.4 TS1M0 | |
| Linux for x64 | 9.4 | | 9.4 TS1M0 | |
| Solaris for x64 | 9.4 | | 9.4 TS1M0 | |
| SAS System | SAS Web Application Server | Microsoft® Windows® for x64 | 9.4 | | 9.4 TS1M0 | |
| 64-bit Enabled AIX | 9.4 | | 9.4 TS1M0 | |
| 64-bit Enabled Solaris | 9.4 | | 9.4 TS1M0 | |
| HP-UX IPF | 9.4 | | 9.4 TS1M0 | |
| Linux for x64 | 9.4 | | 9.4 TS1M0 | |
| Solaris for x64 | 9.4 | | 9.4 TS1M0 | |
| SAS System | SAS Environment Manager | Microsoft® Windows® for x64 | 2.1 | | 9.4 TS1M0 | |
| 64-bit Enabled AIX | 2.1 | | 9.4 TS1M0 | |
| 64-bit Enabled Solaris | 2.1 | | 9.4 TS1M0 | |
| HP-UX IPF | 2.1 | | 9.4 TS1M0 | |
| Linux for x64 | 2.1 | | 9.4 TS1M0 | |
| Solaris for x64 | 2.1 | | 9.4 TS1M0 | |
*
For software releases that are not yet generally available, the Fixed
Release is the software release in which the problem is planned to be
fixed.
| Date Modified: | 2015-01-26 11:38:21 |
| Date Created: | 2014-10-18 18:33:52 |
