How to resolve SSL 2.0 Insecure?

Version 3

    Hi

     

    We are new to this. We have this latest report and we wonder how to fix it? Do we need to fix it at all as we have been told no one is using SSL 2.0?

    Thanks

     

    Protocols
    TLS 1.2No
    TLS 1.1No
    TLS 1.0Yes
    SSL 3.0Yes
    SSL 2.0+ upgrade supportYes
    SSL 2.0   INSECUREYes

     

     

    A "document" may not be the best place to ask questions. Try the SSLLabs community instead.

     

    You have to change the configuration of the webserver you're using, check the documentation for more details on the following examples:

     

    Apache HTTPd with mod_ssl:

    # disable only SSLv2:
    SSLProtocol all -SSLv2

    # allow only TLSv1:
    SSLProtocol TLSv1

    nginx:

    # allow only SSLv3 and TLSv1:
    ssl_protocols SSLv3 TLSv1;

    # allow only TLSv1:
    ssl_protocols TLSv1;

    IIS

    see the Microsoft knowledge base