I used a script to secure my SSL connection to remove the old SSL V2 and V3 as well as moving the stronger ciphers to the told and removing the old weak ciphers.
However, SSL LABS kept telling me I was vulnerable to PODDLE. I didn't know why since i removed SSL V3 (which essentially should remove any PODDLE attacks).
After further inspection it was saying that my TLS was vulnerable to POODLE. After much research I found out i needed, Windows6.1-KB2655992-x64. I am running Windows 2008 R2 but this patch fixes some TLS vulnerbilities and it fixed my TLS POODLE issue. I don't think thats what the patch is for, but it does fix it.
The patch also has versions for Windows 7, 32 bit versions of Windows 2008, etc.
Microsoft Bulletin
No comments:
Post a Comment