udhayand-8188 asked Cathyji-msft edited

Birthday attacks against TLS ciphers with 64bit block size vulnerability (Sweet32) - Disabling 3DES in SQL Server host

Hi,

I have a couple of vulnerabilities to be remediated. While the workaround looks simple (disabling it in the registry), I wanted to know the impact on the SQL Server services running on the node, because the scan report shows both vulnerabilities on port 1433 TCP:

SSL/TLS use of weak RC4(Arcfour) cipher
Birthday attacks against TLS ciphers with 64bit block size vulnerability (Sweet32)



Thanks

sql-server-general
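The registry workaround mentioned in the question, written out as an added example that is not part of the original thread: it sets the SChannel `Enabled` value to 0 for the RC4 and Triple DES 168 cipher keys and reads the state back so the change can be verified before and after. It assumes an elevated PowerShell session on the SQL Server host; the key names are the standard SChannel layout, not anything SQL Server specific.

```powershell
# Added example (not from the original thread): disable the RC4 and 3DES
# (Triple DES 168) SChannel ciphers behind the RC4 and Sweet32 findings.
# SQL Server uses SChannel for TLS, so these host-level keys also govern
# the cipher suites offered on port 1433. Run elevated; a reboot is needed
# before SChannel picks up the change.

$CipherRoot  = 'SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers'
$WeakCiphers = @('RC4 128/128', 'RC4 64/128', 'RC4 56/128', 'RC4 40/128', 'Triple DES 168')

function Disable-WeakSchannelCipher {
    param([Parameter(Mandatory)][string]$Name)
    # Use the .NET registry API directly: the PowerShell registry provider
    # treats the '/' in 'RC4 128/128' as a path separator, so New-Item
    # cannot create these key names.
    $root = [Microsoft.Win32.Registry]::LocalMachine.CreateSubKey($CipherRoot)
    $key  = $root.CreateSubKey($Name)
    $key.SetValue('Enabled', 0, [Microsoft.Win32.RegistryValueKind]::DWord)
    $key.Close(); $root.Close()
}

function Get-SchannelCipherState {
    # Returns the current Enabled value per weak cipher. $null means the key
    # is absent, in which case the OS default for that cipher applies.
    $root = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey($CipherRoot)
    foreach ($name in $WeakCiphers) {
        $key = if ($root) { $root.OpenSubKey($name) } else { $null }
        [pscustomobject]@{
            Cipher  = $name
            Enabled = if ($key) { $key.GetValue('Enabled') } else { $null }
        }
        if ($key) { $key.Close() }
    }
    if ($root) { $root.Close() }
}

# Before: record the current state so the change can be rolled back.
Get-SchannelCipherState | Format-Table -AutoSize

foreach ($name in $WeakCiphers) { Disable-WeakSchannelCipher -Name $name }

# After: every flagged cipher should now report Enabled = 0.
Get-SchannelCipherState | Format-Table -AutoSize
Write-Host 'Reboot the host, then re-run the scan against port 1433.'
```

Clients that can only negotiate RC4 or 3DES will fail to connect after the reboot, so confirm that the drivers of the applications using port 1433 support AES suites before applying this on the 2012/2014 instances.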

1 Answer

Cathyji-msft answered Cathyji-msft edited

Hi @udhayand-8188,

SSL/TLS use of weak RC4 (Arcfour) cipher: SQL Server uses Transport Layer Security (TLS) to encrypt data that is transmitted across a network between an instance of SQL Server and a client application. This increases the security of data transmitted across networks between instances of SQL Server and applications.

If you disable TLS, data transmitted across networks between instances of SQL Server and applications is not secured.

SQL Database, SQL Managed Instance, and Azure Synapse Analytics enforce encryption (SSL/TLS) at all times for all connections. This ensures all data is encrypted "in transit" between the client and server irrespective of the setting of Encrypt or TrustServerCertificate in the connection string. Refer to this MS document.

By the way, starting with SQL Server 2016 (13.x), Secure Sockets Layer (SSL) has been discontinued. Use Transport Layer Security (TLS) instead.


If the response is helpful, please click "Accept Answer" and upvote it, thank you.





Hi @Cathyji-msft

Yes, I would love to. The problem is that I have SQL Server 2012/2014 instances as well, and I need to fix these vulnerabilities reported by the Qualys scan.

Thanks


Hi @udhayand-8188,

I suggest using another solution to fix the vulnerabilities.

By the way, if the reply could help you, please "Accept answer" or "Up-Vote" for the same which might be beneficial to other community members reading this thread.
