SSL 3.0 vunerability and how to handle this issue?

Windows Server 2003 and 2008 R2.  I am getting a message from my network security folks saying this.
McAfee is currently unaware of a vendor-supplied patch or update (2014-10-24).
The following workaround can be used to mitigate this issue:
Disable SSL 3.0 and/or CBC-mode ciphers in SSLv3.

I have all my ciphers set to '0" but not sure what CBC-mode means?  Can some clarify this.  The other option is to upgrade to TLS.  I sure would like to just disable the ciphers if possible.  I am not sure if the TLS works on all browsers.

Can someone please explain disable CBC-mode ciphers and give me direction on how to upgrade  to TSL and if there will be folks who's browsers wont' work with TLS?
kdschoolAsked:
Who is Participating?
 
David Johnson, CD, MVPOwnerCommented:
CBC cypher block chaining. All but Windows XP IE 8 support TLS
set-perfectFSecutity.ps1.txt
0
 
kdschoolAuthor Commented:
It looks like on the 2008R2 server TLS 1.0 was already enabled in the registry.  So I disabled SSL 3.0 and rebooted the server and my security is working fine.  I noticed it says DWORD instead of QWORD. Should I be using QWORD for the TLS 1.0?    Should I add any ciphers for TLS 1.0?
0
 
David Johnson, CD, MVPOwnerCommented:
check your site with ssllabs.com to be sure
0
 
kdschoolAuthor Commented:
It's inside the firewall so I can't use that tool.  Is there something safe I can download
0
 
kdschoolAuthor Commented:
Is there any other way I can confirm the changes are effective.  I disabled the SSL 3.0 in the registry and I enabled the TLS 1.0.  Then rebooted the server.  Would just like to confirm it's working correclty before they scan me again.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.