Severity: Medium
Invicti detected that insecure transportation security protocol (SSLv3) is supported by your web server.
SSLv3 has several flaws. An attacker can cause connection failures and they can trigger the use of SSL 3.0 to exploit vulnerabilities like POODLE.
We recommended to disable SSLv3 and replace it with TLS 1.2 or higher. See Remedy section for more details.
Configure your web server to disallow using weak ciphers. You need to restart the web server to enable changes.
SSLProtocol +TLSv1.2
nginx.conf
file and remove SSLv3
.
ssl_protocols TLSv1.2;
regedt32
or regedit
, and then click OK.HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\
Server
or create if it doesn't exist.Server
key, locate a DWORD value named Enabled
or create if it doesn't exist and set its value to "0".ssl.use-sslv2 = "disable" ssl.use-sslv3 = "disable"
ssl.openssl.ssl-conf-cmd = ("Protocol" => "-TLSv1.1, -TLSv1, -SSLv3") # v1.4.48 or up ssl.ec-curve = "secp384r1"