How to resolve SSL 2.0 Insecure?

Document created by developer0 on Oct 6, 2011Last modified by steve on Oct 6, 2011
Version 3Show Document
  • View in full screen mode

Hi

 

We are new to this. We have this latest report and we wonder how to fix it? Do we need to fix it at all as we have been told no one is using SSL 2.0?

Thanks

 

Protocols
TLS 1.2No
TLS 1.1No
TLS 1.0Yes
SSL 3.0Yes
SSL 2.0+ upgrade supportYes
SSL 2.0   INSECUREYes

 

 

A "document" may not be the best place to ask questions. Try the SSLLabs community instead.

 

You have to change the configuration of the webserver you're using, check the documentation for more details on the following examples:

 

Apache HTTPd with mod_ssl:

# disable only SSLv2:
SSLProtocol all -SSLv2

# allow only TLSv1:
SSLProtocol TLSv1

nginx:

# allow only SSLv3 and TLSv1:
ssl_protocols SSLv3 TLSv1;

# allow only TLSv1:
ssl_protocols TLSv1;

IIS

see the Microsoft knowledge base

Attachments

    Outcomes