AnsweredAssumed Answered

Disabling SSL2 and SSL3 doesn't improve site overall score

Question asked by dan callum on Jun 30, 2015
Latest reply on Jun 30, 2015 by j-mailor

Hello Forum, I was checking one of the sites for SSL vulnerabilities on ssllabs.com/ssltest and the result showed 'this server support SSL 2' and that that sire is vulnerable to POODLE and FREAK attack and to 'disable SSL 3 to mitigate'. Since the website is running on a Apache server, I followed the instructions here and added SSLProtocol all -SSLv3 -SSLv2 to SSL.conf file. I restarted the httpd service but running the SSLTEST again shows support for SSL 2 and SSL 3. Why is that happening? Do I have to do something else to get this fixed?

Outcomes