How to resolve SSL 2.0 Insecure?

Version 3



    We are new to this. We have this latest report and we wonder how to fix it? Do we need to fix it at all as we have been told no one is using SSL 2.0?



    TLS 1.2No
    TLS 1.1No
    TLS 1.0Yes
    SSL 3.0Yes
    SSL 2.0+ upgrade supportYes
    SSL 2.0   INSECUREYes



    A "document" may not be the best place to ask questions. Try the SSLLabs community instead.


    You have to change the configuration of the webserver you're using, check the documentation for more details on the following examples:


    Apache HTTPd with mod_ssl:

    # disable only SSLv2:
    SSLProtocol all -SSLv2

    # allow only TLSv1:
    SSLProtocol TLSv1


    # allow only SSLv3 and TLSv1:
    ssl_protocols SSLv3 TLSv1;

    # allow only TLSv1:
    ssl_protocols TLSv1;


    see the Microsoft knowledge base