Summary
Due to a recently discovered SSL vulnerability known as the “Sweet32” attack, DES/3DES security ciphers are no longer secure and have been disabled from our SaaS environment.
You can read more about this vulnerability in the following links:
Affected Software
| Product | Component | Version | Exploitability | Severity |
|---|
| .NET Agent | AppDynamics DotNet Agent | All | No | High |
This update is known to impact .NET APM Agents running on Windows 2003 Server where the latest security ciphers have not been installed. .NET Agents running on Windows 2008/2012, as well as all Java agents, are not affected by this update.
Impact
.NET APM Agents running on Windows 2003 Server will begin to throw the following error while attempting to communicate with the SaaS controller:
Resolution
The following article from Microsoft contains more information and a link to download the latest secure ciphers for Windows 2003 Server.
https://support.microsoft.com/en-us/help/3050509/improving-cipher-security-in-windows-server-2003
Disclaimer
The information provided in this security advisory is provided “as is” without warranty of any kind. AppDynamics disclaims all representations or warranties, either express, implied, statutory, or otherwise with respect thereto, including the warranties of merchantability and fitness for a particular purpose. In no event shall AppDynamics, its affiliates, or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits, or special damages, even if the other party has been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply to you.
Revision History
1.0 - 2/9/2017 Initial Revision