AnsweredAssumed Answered

Windows Server 2012 IIS 8.0 TLS_FALLBACK_SCSV

Question asked by Kyle Sebion on Oct 30, 2014
Latest reply on Oct 30, 2014 by Rob_T

Hi,

The SSL report of a website from the company I work for shows:

Downgrade attack preventionNo, TLS_FALLBACK_SCSV not supported (more info)

 

The website is hosted on Windows Server 2012 with IIS 8.0.

So far, I have been unable to determine how to enable TLS_FALLBACK_SCSV in IIS 8.0.

I would like to enable TLS_FALLBACK_SCSV so that allowing SSL 3.0 is less of a problem.

 

A post (here) seems to indicate that TLS_FALLBACK_SCSV isn't needed for Windows Server 2012 with IIS 8.0.

 

However, the report doesn't seem to take into account that TLS_FALLBACK_SCSV isn't needed.

 

Does anybody have guidance for my situation?

Outcomes