Skip navigation
Currently Being Moderated

How to resolve SSL 2.0 Insecure?

Created by developer0 on Oct 6, 2011 9:23 PM - Last modified by steve on Oct 6, 2011 11:39 PM

Hi

 

We are new to this. We have this latest report and we wonder how to fix it? Do we need to fix it at all as we have been told no one is using SSL 2.0?

Thanks

 

Protocols
TLS 1.2No
TLS 1.1No
TLS 1.0Yes
SSL 3.0Yes
SSL 2.0+ upgrade supportYes
SSL 2.0   INSECUREYes

 

 

A "document" may not be the best place to ask questions. Try the SSLLabs community instead.

 

You have to change the configuration of the webserver you're using, check the documentation for more details on the following examples:

 

Apache HTTPd with mod_ssl:

# disable only SSLv2:
SSLProtocol all -SSLv2

# allow only TLSv1:
SSLProtocol TLSv1

nginx:

# allow only SSLv3 and TLSv1:
ssl_protocols SSLv3 TLSv1;

# allow only TLSv1:
ssl_protocols TLSv1;

IIS

see the Microsoft knowledge base

Comments (0)

Bookmarked By (0)

More Like This

  • Retrieving data ...

More by developer0