IIS7 – Disable SSL 2.0 Enable TLS and SSL 3.0
Nov17

KB ID 0000280

Problem

One of my colleagues rolled out an SBS 2008 domain the other week. The client then had an independent security review, which recommended they disable SSL 2.0 on their Windows 2008 Server. Cue lots of head scratching and shoulder shrugging. After trawling a few forums we pieced together a working registry fix.

Solution

1. On your server apply the following registry fix (or download it here). Windows Registry...

Cisco ASA – Disable SSLv3 (Force TLSv1.0) – Mitigate POODLE
Nov17

KB ID 0001052

Problem

By default the Cisco ASA will allow connections via SSLv3. The POODLE exploit works by forcing SSL to fall back to SSLv3 and then decrypting that communication. However, you are still not completely protected, as per this Threat Validation, so the ASA platform can still be attacked via TLSv1.0.

Note: At time of writing TLSv1.2 is not supported, but it is on the roadmap for version 9.3(2). So this procedure will not...
