Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

SSL 3.0 vunerability and how to handle this issue?

Posted on 2014-11-07
5
Medium Priority
?
323 Views
Last Modified: 2014-11-10
Windows Server 2003 and 2008 R2.  I am getting a message from my network security folks saying this.
McAfee is currently unaware of a vendor-supplied patch or update (2014-10-24).
The following workaround can be used to mitigate this issue:
Disable SSL 3.0 and/or CBC-mode ciphers in SSLv3.

I have all my ciphers set to '0" but not sure what CBC-mode means?  Can some clarify this.  The other option is to upgrade to TLS.  I sure would like to just disable the ciphers if possible.  I am not sure if the TLS works on all browsers.

Can someone please explain disable CBC-mode ciphers and give me direction on how to upgrade  to TSL and if there will be folks who's browsers wont' work with TLS?
0
Comment
Question by:kdschool
  • 3
  • 2
5 Comments
 
LVL 84

Accepted Solution

by:
David Johnson, CD, MVP earned 1500 total points
ID: 40428545
CBC cypher block chaining. All but Windows XP IE 8 support TLS
set-perfectFSecutity.ps1.txt
0
 

Author Comment

by:kdschool
ID: 40428580
It looks like on the 2008R2 server TLS 1.0 was already enabled in the registry.  So I disabled SSL 3.0 and rebooted the server and my security is working fine.  I noticed it says DWORD instead of QWORD. Should I be using QWORD for the TLS 1.0?    Should I add any ciphers for TLS 1.0?
0
 
LVL 84

Expert Comment

by:David Johnson, CD, MVP
ID: 40428610
check your site with ssllabs.com to be sure
0
 

Author Comment

by:kdschool
ID: 40428629
It's inside the firewall so I can't use that tool.  Is there something safe I can download
0
 

Author Comment

by:kdschool
ID: 40429092
Is there any other way I can confirm the changes are effective.  I disabled the SSL 3.0 in the registry and I enabled the TLS 1.0.  Then rebooted the server.  Would just like to confirm it's working correclty before they scan me again.
0

Featured Post

Evaluating UTMs? Here's what you need to know!

Evaluating a UTM appliance and vendor can prove to be an overwhelming exercise.  How can you make sure that you're getting the security that your organization needs without breaking the bank? Check out our UTM Buyer's Guide for more information on what you should be looking for!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you don't have the right permissions set for your WordPress location in IIS, you won't be able to perform automatic updates. Here's how to fix the problem.
Preparing an email is something we should all take special care with – especially when the email is for somebody you may not know very well. The pressures of everyday working life stacked with a hectic office environment can make this a real challen…
This video shows how to quickly and easily deploy an email signature for all users in Office 365 and prevent it from being added to replies and forwards. (the resulting signature is applied on the server level in Exchange Online) The email signat…
Enter Foreign and Special Characters Enter characters you can't find on a keyboard using its ASCII code ... and learn how to make a handy reference for yourself using Excel ~ Use these codes in any Windows application! ... whether it is a Micr…

580 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question