AnsweredAssumed Answered

Incorrect HTTP server signature/falsely found SSL 3 protocol?

Question asked by Ojas Panwar on Oct 23, 2014
Latest reply on Oct 23, 2014 by M K

We have multiple web servers behind a loadbalancer, some IIS 6.0 and other IIS 7.5. I just ran a ssltest, and here is what it found:

 

This server uses SSL 3, with POODLE mitigated. Still, it's recommended that this protocol is disabled.


Protocols:

 

TLS 1.2No
TLS 1.1No
TLS 1.0Yes
SSL 3   INSECUREYes
SSL 2No


HTTP server signatureMicrosoft-IIS/7.5

 

I've disabled SSLv3 on all of the servers, and IIS 7.5 only has TLS 1.0/1.1/1.2 enabled (see attached). There is no reason for it to be finding SSL 3 connection. Unless I missed any other settings for disabling SSL3, I'm lost... any thoughts?

Attachments

Outcomes