Solved

This server is vulnerable to MITM attacks because it supports insecure renegotiation. Grade set to F

Posted on 2014-12-11
4
616 Views
Last Modified: 2014-12-18
Ran website through SSL Labs and got this warning

This server is vulnerable to MITM attacks because it supports insecure renegotiation. Grade set to F

Any ideas how to patch? It's running on a server 2003 box.

https://community.qualys.com/blogs/securitylabs/2009/11/05/ssl-and-tls-authentication-gap-vulnerability-discovered
0
Comment
Question by:gman
  • 2
4 Comments
 
LVL 58

Expert Comment

by:Gary
ID: 40494415
Should have been fixed in Windows Update

http://support.microsoft.com/kb/980436
0
 
LVL 38

Accepted Solution

by:
Rich Rumble earned 250 total points
ID: 40498068
0
 

Author Comment

by:gman
ID: 40500196
IT's running Apache V2.2.25, Windows is fully updated.

Do you think disabling PCT, SSL 2, SSL 3 via the registry will do the trick?

Thanks,
0
 
LVL 58

Assisted Solution

by:Gary
Gary earned 250 total points
ID: 40500726
From what I can find Apache 2.2.3x is the minimum to fix it.

You should have already disabled SSLv2 and SSLv3 to mitigate the Heartbleed exploit. If you already have an SSL cert you will need to check the OpenSSL version used to create it as it may need updating
0

Featured Post

Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

With healthcare moving into the digital age with things like Healthcare.gov, the digitization of patient records and video conferencing with patients, data has a much greater chance of being exposed than ever before.
One of the biggest threats in the cyber realm pertains to advanced persistent threats (APTs). This paper is a compare and contrast of Russian and Chinese APT's.
The purpose of this video is to demonstrate how to integrate Mailchimp with Facebook. This will be demonstrated using a Windows 8 PC. Mailchimp and Facebook will be used. Log into your Mailchimp account. : Click on your name. Go to Account Setti…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question