SSL 3.0 vunerability and how to handle this issue?

Windows Server 2003 and 2008 R2.  I am getting a message from my network security folks saying this.
McAfee is currently unaware of a vendor-supplied patch or update (2014-10-24).
The following workaround can be used to mitigate this issue:
Disable SSL 3.0 and/or CBC-mode ciphers in SSLv3.

I have all my ciphers set to '0" but not sure what CBC-mode means?  Can some clarify this.  The other option is to upgrade to TLS.  I sure would like to just disable the ciphers if possible.  I am not sure if the TLS works on all browsers.

Can someone please explain disable CBC-mode ciphers and give me direction on how to upgrade  to TSL and if there will be folks who's browsers wont' work with TLS?
kdschoolAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

David Johnson, CD, MVPOwnerCommented:
CBC cypher block chaining. All but Windows XP IE 8 support TLS
set-perfectFSecutity.ps1.txt
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
kdschoolAuthor Commented:
It looks like on the 2008R2 server TLS 1.0 was already enabled in the registry.  So I disabled SSL 3.0 and rebooted the server and my security is working fine.  I noticed it says DWORD instead of QWORD. Should I be using QWORD for the TLS 1.0?    Should I add any ciphers for TLS 1.0?
0
David Johnson, CD, MVPOwnerCommented:
check your site with ssllabs.com to be sure
0
kdschoolAuthor Commented:
It's inside the firewall so I can't use that tool.  Is there something safe I can download
0
kdschoolAuthor Commented:
Is there any other way I can confirm the changes are effective.  I disabled the SSL 3.0 in the registry and I enabled the TLS 1.0.  Then rebooted the server.  Would just like to confirm it's working correclty before they scan me again.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
SSL / HTTPS

From novice to tech pro — start learning today.