February 1, 2022 at 4:17 am
Hi
We have got a few points of action for vulnerability CVE-2004-2761 (SSL Certificate Signed Using Weak Hashing Algorithm) on our SQL servers, OS Windows Server 2016 Standard. Please let us know how we can close this.
Regards
Prasanna Shetty
February 1, 2022 at 6:37 am
Two options.
Upgrade to SQL2017 or SQL2019
Create your own SSL certificate trusted by a CA and put that in place instead.
You don’t need to enforce encrypted connections but you need to have the certificate thumbprint in the configuration to use your cert and not the fallback cert.
February 1, 2022 at 7:22 am
Thanks Ant-Green
February 5, 2024 at 3:35 pm
Hi sir, the problem is that as a practice we have never used an SSL certificate trusted by a CA in our SQL instances. What should we do in this specific case to solve the vulnerability?
Thanks
February 5, 2024 at 7:00 pm
Hi sir, we have other SQL Server 2016 instances, why doesn't the vulnerability appear in them as well?
February 5, 2024 at 7:53 pm
Probably not using the default fallback cert.
But still you should be upgrading. 2016 is a dead product now in terms of MSFT.
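Added example, not part of any post in this thread: a read-only PowerShell check for the two points raised in the replies above, namely whether each instance has a certificate thumbprint in its configuration and whether that certificate is signed with a weak hash. It assumes the standard SQL Server registry layout under HKLM and that the configured certificate lives in the LocalMachine\My store; the weak-hash pattern and the status wording are illustrative choices.

```powershell
# Added example (not from the thread). Run on the SQL Server host.
# Read-only: it reports configuration and changes nothing.
$root     = 'HKLM:\SOFTWARE\Microsoft\Microsoft SQL Server'
$weakHash = 'md5|sha1'   # assumption: hashes a "weak hashing algorithm" scan flags

# "Instance Names\SQL" maps each instance name to its instance ID.
$names = Get-Item -Path "$root\Instance Names\SQL" -ErrorAction Stop

foreach ($name in $names.GetValueNames()) {
    $instanceId = $names.GetValue($name)
    $netLib = Get-ItemProperty -Path "$root\$instanceId\MSSQLServer\SuperSocketNetLib"
    # The "Certificate" value holds the thumbprint of the configured cert.
    $thumb = "$($netLib.Certificate)".Trim().ToUpper()

    $algorithm = $null
    $expires   = $null
    if (-not $thumb) {
        # Nothing pinned: the case the replies describe as the fallback cert.
        $status = 'No thumbprint configured: instance is not pinned to your own cert'
    }
    else {
        $cert = Get-Item -Path "Cert:\LocalMachine\My\$thumb" -ErrorAction SilentlyContinue
        if (-not $cert) {
            $status = 'Thumbprint configured but certificate missing from LocalMachine\My'
        }
        else {
            $algorithm = $cert.SignatureAlgorithm.FriendlyName   # e.g. sha256RSA
            $expires   = $cert.NotAfter
            if     ($algorithm -match $weakHash) { $status = 'WEAK signature hash: replace this certificate' }
            elseif ($expires -lt (Get-Date))     { $status = 'Certificate expired' }
            else                                 { $status = 'OK' }
        }
    }

    # One row per instance, suitable for Format-Table or Export-Csv.
    [pscustomobject]@{
        Instance        = $name
        InstanceId      = $instanceId
        ForceEncryption = $netLib.ForceEncryption
        Thumbprint      = $thumb
        SignatureAlg    = $algorithm
        NotAfter        = $expires
        Status          = $status
    }
}
```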