1

My windows Server 2008R2 has SSL v2 Protocol now. Due to Security breach i have palnned to disable SSL v2.

So should I enable SSL v3 or should i jump directly to TLS 1.1\ TLS 1.2 ?

If I disable SSL v2 and not enabling any of the higher versions will there be any security issues?

l.lijith
  • 113
  • 4

3 Answers3

6

Yes, you should disable SSLv3 in favour of TLSv1.1+. SSLv3 & TLS1.0 are considered vulnerable to the "Padding Oracle On Downgraded Legacy Encryption" man-in-the-middle attack, which may lead to revealing your secret data (such as passwords) to an attacker...

Anubioz
  • 3,597
  • 17
  • 23
  • I only have SSL v2 in my Server.So can I directly enable TLS 1.1 without disabling SSL v3? – l.lijith Mar 21 '17 at 06:31
  • 1
    If your network doesn't have any outdated workstations, you should **explicitly disable SSLv3**. If you leave it enabled, attacker can downgrade your connection to SSLv3 and eavesdrop on it... – Anubioz Mar 21 '17 at 06:33
  • thank you for your input..If I jst disable SSL v2 withoutout enabling any of the higher versions how will it impact the security of my Servers? – l.lijith Mar 21 '17 at 06:41
  • 1
    Disabling SSLv2 without enabling SSLv3 is precisely the thing your should do :) – Anubioz Mar 21 '17 at 06:45
  • will it cause any security breach? – l.lijith Mar 21 '17 at 06:48
  • 1
    Using TLSv1.1+ without enabling any kind of SSL is considered safe. After doing that you should focus on other means of securing your server, since there is nothing more your can do with those options... – Anubioz Mar 21 '17 at 06:52
3

Unless you have a specific reason for not doing so (i.e. you need to support legacy clients), it may be best to enable the highest possible version of TLS (i.e. TLSv1.2), and disable everything else (and certainly make sure you disable both SSLv2 and SSLv3).

You probably also want to tune (if you can) the specific ciphers you use. I couldn't find anything specific for Windows, but Mozilla's Server Side TLS might be of some use.

They notably recommend using the following ciphers:

ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256

They also recommend using TLSv1.2, and ensuring you use RSA keys that are at least 2048 bits.

iwaseatenbyagrue
  • 3,588
  • 12
  • 22
2

SSLv3 is vulnerable to POODLE and other important vulnerabilities.

You should really go for TLS v1.1+

shodanshok
  • 44,038
  • 6
  • 98
  • 162