Server has SSL3 Fallback enabled

Rule from ssl under security category


SSL is a cryptographic protocol used to encrypt data in transit. The third revision of SSL is nearly two decades old and has numerous known vulnerabilities. Support, however, remains strong. Disabling support on your server prevents clients from negotiating this insecure protocol.

How do I fix this?

  • Apache:
    • Add the following to your global configuration and/or update existing virtual hosts with it:
      SSLProtocol All -SSLv2 -SSLv3
    • Then execute at your terminal prompt:
      sudo apache2ctl configtest && sudo service apache2 restart
  • IIS:
    • Add the following to a file named disable_ssl3.reg:
      Windows Registry Editor Version 5.00
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server]
      "Enabled"=dword:00000000
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server]
      "Enabled"=dword:00000000
    • Execute the file once you've created it to apply the registry changes.
  • Nginx:
    • Add the following to your global configuration and/or update existing virtual hosts with it:
      ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    • Then restart Nginx with:
      sudo service nginx restart

Test your server using zmap, or manually with: openssl s_client -connect <host>:<port> -ssl3. Consider the test a success if a handshake error is returned from openssl.
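
The manual test above, as an added example that is not part of the original page or of Passmarked's tooling: a Python probe that sends an SSL 3.0 ClientHello over a plain socket and classifies the reply, which is useful when the local openssl build has SSLv3 compiled out and rejects the -ssl3 option. The function names, verdict strings and cipher-suite list are assumptions chosen for illustration.

```python
import os
import socket
import struct

# Suites SSL 3.0 servers commonly negotiate (RSA/DHE with AES, 3DES, RC4).
# Assumption: an SSL 3.0-enabled server accepts at least one of them.
SSL3_SUITES = (0x002F, 0x0035, 0x000A, 0x0005, 0x0004, 0x0033, 0x0039, 0x0016)


def build_ssl3_client_hello() -> bytes:
    """ClientHello whose record version and client_version are both 3.0."""
    suites = b"".join(struct.pack("!H", s) for s in SSL3_SUITES)
    body = (b"\x03\x00" + os.urandom(32)            # client_version, random
            + b"\x00"                               # empty session_id
            + struct.pack("!H", len(suites)) + suites
            + b"\x01\x00")                          # null compression only
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x00" + struct.pack("!H", len(handshake)) + handshake


def classify_response(data: bytes) -> str:
    """Map the first bytes of the server's reply to a verdict."""
    if len(data) >= 7 and data[0] == 0x15:
        return "rejected"        # alert record: the handshake was refused
    if len(data) >= 11 and data[0] == 0x16 and data[5] == 0x02:
        # ServerHello: bytes 9-10 carry the version the server selected
        return "accepted" if data[9:11] == b"\x03\x00" else "inconclusive"
    return "inconclusive"        # no reply, or not a TLS record at all


def probe_ssl3(host: str, port: int = 443, timeout: float = 5.0) -> str:
    """Connect, offer SSL 3.0 only, and classify what comes back."""
    data = b""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(build_ssl3_client_hello())
            while len(data) < 11 and not (len(data) >= 7 and data[0] == 0x15):
                chunk = sock.recv(64)
                if not chunk:
                    break
                data += chunk
    except OSError:
        pass  # refused, reset or timeout: classify whatever arrived
    return classify_response(data)


if __name__ == "__main__":
    import sys
    print(probe_ssl3(sys.argv[1], int(sys.argv[2]) if len(sys.argv) > 2 else 443))
```

A verdict of "rejected" corresponds to the handshake error the test above treats as success; "accepted" means the server still completes an SSL 3.0 ServerHello and the configuration change has not taken effect.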
