none
Lync 2010 Edge SSLv2 vulnerability RRS feed

  • Question

  • My InfoSec department has performed security scans on my Lync Edge servers and one of the detected vulnerabilities is SSLv2. Will disabling SSLv2 on my edge servers have any adverse impact?

    Tom

    Friday, December 7, 2012 2:42 PM

Answers

All replies

  • Lync uses TLS, therefore this is not an issue. I have disabled SSLv2 on a Lync Edge server before and it had no adverse impact.

    Best Regards,

    Jamie Schwinn

    Friday, December 7, 2012 3:47 PM
  • Don't the edge server web services use SSL ? .. and .. the A/V port?

    Tom

    Friday, December 7, 2012 4:00 PM
  • The Lync Edge server uses TLS, not SSL. SSL is the precursor to TLS. Think of TLS as a newer version of SSL.
    • Marked as answer by Tom_Slycke Thursday, December 13, 2012 3:51 PM
    Friday, December 7, 2012 4:36 PM
  • Agree with Jamie.  I have disabled SSLv2 on my edge servers for many deployments as it always comes up in security scans.  No impact on functionality by disabling SSLv2

    Tim Harrington | Lync: MCM/MVP | Blog: http://HowDoUC.blogspot.com | Twitter: @twharrington

    Saturday, December 8, 2012 3:19 PM
  • Jamie, Tim, thanks for your respponses. I have now disabled SSLv2 on my edge servers and have seen no issues yet.

    Tom

    Thursday, December 13, 2012 3:52 PM
  • Can you explain how you disable SSL v2.0 on your Lync Edge? 

    I have tried to modify the registry HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server DWORD DisabledByDefault to 1.  Restarted Edge and the SSL v2.0 vulnerability still exists.

    Any suggestions?

    Monday, February 11, 2013 6:46 PM
  • There's just a little more to it .. Check this linke noting the response by Pawel Dolny in detail

    http://forums.iis.net/t/1151822.aspx      

    Friday, February 15, 2013 7:57 PM