Solved

SSL 3.0 vunerability and how to handle this issue?

Posted on 2014-11-07
5
301 Views
Last Modified: 2014-11-10
Windows Server 2003 and 2008 R2.  I am getting a message from my network security folks saying this.
McAfee is currently unaware of a vendor-supplied patch or update (2014-10-24).
The following workaround can be used to mitigate this issue:
Disable SSL 3.0 and/or CBC-mode ciphers in SSLv3.

I have all my ciphers set to '0" but not sure what CBC-mode means?  Can some clarify this.  The other option is to upgrade to TLS.  I sure would like to just disable the ciphers if possible.  I am not sure if the TLS works on all browsers.

Can someone please explain disable CBC-mode ciphers and give me direction on how to upgrade  to TSL and if there will be folks who's browsers wont' work with TLS?
0
Comment
Question by:kdschool
  • 3
  • 2
5 Comments
 
LVL 79

Accepted Solution

by:
David Johnson, CD, MVP earned 500 total points
ID: 40428545
CBC cypher block chaining. All but Windows XP IE 8 support TLS
set-perfectFSecutity.ps1.txt
0
 

Author Comment

by:kdschool
ID: 40428580
It looks like on the 2008R2 server TLS 1.0 was already enabled in the registry.  So I disabled SSL 3.0 and rebooted the server and my security is working fine.  I noticed it says DWORD instead of QWORD. Should I be using QWORD for the TLS 1.0?    Should I add any ciphers for TLS 1.0?
0
 
LVL 79

Expert Comment

by:David Johnson, CD, MVP
ID: 40428610
check your site with ssllabs.com to be sure
0
 

Author Comment

by:kdschool
ID: 40428629
It's inside the firewall so I can't use that tool.  Is there something safe I can download
0
 

Author Comment

by:kdschool
ID: 40429092
Is there any other way I can confirm the changes are effective.  I disabled the SSL 3.0 in the registry and I enabled the TLS 1.0.  Then rebooted the server.  Would just like to confirm it's working correclty before they scan me again.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Today I came across an interesting issue that had me pulling my hair out.  I was troubleshooting a new internal web site which uses integrated security instead of anonymous.  When browsing the site from my laptop, I was able to access it with no iss…
What is an ISAPI filter?   •      It's an assembly (.dll file) that can add or change the way IIS works.   •      They can be enabled globally for your web server or on a site-by-site basis.   When the IIS server receives a request, enabling the ISAPI fi…
This Micro Tutorial will teach you how to censor certain areas of your screen. The example in this video will show a little boy's face being blurred. This will be demonstrated using Adobe Premiere Pro CS6.
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…

806 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question