Server Vulnerability SSLv2

  • Question

  • Server Vulnerability SSLv2: Our network has been scanned and our DCs (Windows Server 2008 R2 and 2012 R2) are using / listening with SSLv2 on port 3269 and 636. The PID information listed is: lsass.exe kdc, KeyIso, Netlogon, NTDS, SamSs. My first question would be: is it safe to disable SSLv2? The second question will come down the pipe very soon: is it safe to disable SSLv3?

    Tuesday, April 5, 2016 6:02 PM


  • Disabling SSL is simply a matter of a reg hack. Whether or not it's safe to disable it is impossible to answer. We don't know your environment.

    At a minimum, I would enable TLS (simple reg hack), confirm the current certificates on the DCs can support TLS encryption, then disable SSL. Immediately test replication. If it works, great, but be prepared for calls about other things no longer working.

    You may need to back out the changes (again, simple reg hacks) to fix whatever broke.

    • Marked as answer by Kevin Remde Monday, April 11, 2016 1:31 PM
    Tuesday, April 5, 2016 6:14 PM
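
The sequence the answer describes (enable TLS, check the certificates, disable SSLv2, test replication, keep a way to back out), sketched in PowerShell as an added example that is not part of the original thread. It assumes the standard Schannel `Protocols` registry layout, TLS 1.2 as the TLS version to enable, and a hypothetical backup location under `C:\Temp`; `Set-SchannelProtocol` is a helper name made up for this example.

```powershell
# Added example. Run elevated on the DC; Schannel picks up these values after a reboot.
$base    = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
$regPath = $base -replace '^HKLM:', 'HKLM'                              # form reg.exe expects
$backup  = "C:\Temp\schannel-$(Get-Date -Format yyyyMMdd-HHmmss).reg"   # assumed location

# 1. Back-out file first: restore later with `reg import <file>` and a reboot.
New-Item -ItemType Directory -Path (Split-Path $backup) -Force | Out-Null
& reg.exe export $regPath $backup /y | Out-Null
if ($LASTEXITCODE -ne 0) { throw 'Backup failed; nothing was changed.' }

function Set-SchannelProtocol {
    param([string]$Protocol, [bool]$Enable)
    foreach ($role in 'Server', 'Client') {
        $key = Join-Path (Join-Path $base $Protocol) $role
        # Create only if missing: New-Item -Force on an existing key clears its values.
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        New-ItemProperty -Path $key -Name Enabled -PropertyType DWord -Force `
            -Value ([int]$Enable) | Out-Null
        New-ItemProperty -Path $key -Name DisabledByDefault -PropertyType DWord -Force `
            -Value ([int](-not $Enable)) | Out-Null
    }
}

# 2. Review the certificates in the machine store before relying on TLS only
#    (expiry, private key present, signature algorithm).
Get-ChildItem Cert:\LocalMachine\My |
    Select-Object Subject, NotAfter, HasPrivateKey,
        @{ n = 'SigAlg'; e = { $_.SignatureAlgorithm.FriendlyName } } |
    Format-Table -AutoSize

# 3. Enable TLS first, then turn SSLv2 off.
Set-SchannelProtocol -Protocol 'TLS 1.2' -Enable $true
Set-SchannelProtocol -Protocol 'SSL 2.0' -Enable $false

# 4. Show the resulting state so it can be recorded with the change ticket.
Get-ChildItem $base -Recurse | Where-Object { $_.Property -contains 'Enabled' } |
    ForEach-Object { '{0}: Enabled={1}' -f $_.Name, $_.GetValue('Enabled') }

# 5. Reboot, then test replication (for example `repadmin /replsummary`)
#    and have ports 636 and 3269 rescanned.
```

Changing one DC at a time leaves the others untouched if the backup has to be imported again.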