AnsweredAssumed Answered

TLS v1.0 Vulnerability is Back After Remediation

Question asked by jaxisland7575 on Oct 26, 2018
Latest reply on Oct 26, 2018 by jaxisland7575

As of 10/22/18 the results of scanning my servers (2008R2 and 2012R2) have brought back findings for "SSL/TLS Server Supports TLSv1.0", "SSLv3 Padding Oracle Attack Information Disclosure Vulnerability (POODLE)", and "SSL/TLS Server supports TLSv1.0". Last month the scans did not show these vulnerabilities and I used This Link to verify the registry keys are in place. 

I have verified using IIS Crypto 2.0 that the Protocols and Ciphers are disabled as well. What has changed that these vulnerabilities are now listed again and how do I remediate them?

 

IISCrypto

Outcomes