We have multiple web servers behind a loadbalancer, some IIS 6.0 and other IIS 7.5. I just ran a ssltest, and here is what it found:
This server uses SSL 3, with POODLE mitigated. Still, it's recommended that this protocol is disabled.
|SSL 3 INSECURE||Yes|
|HTTP server signature||Microsoft-IIS/7.5|
I've disabled SSLv3 on all of the servers, and IIS 7.5 only has TLS 1.0/1.1/1.2 enabled (see attached). There is no reason for it to be finding SSL 3 connection. Unless I missed any other settings for disabling SSL3, I'm lost... any thoughts?