Are you still using the SSL 2.0, SSL 3.0 or TLS 1.0 protocol? If you run an online or e-commerce service, you need to check the protocol versions behind it. The PCI council has announced that TLS 1.0 is no longer considered strong cryptography after 30th June 2018, because many vulnerabilities have been found in it.
What is TLS?
Transport Layer Security (TLS) is a cryptographic protocol used for secure communication between two servers. It is also used to authenticate one or both servers and to protect confidential data with encryption.
Check which protocols are enabled on your server
If you are not sure which protocols are enabled on your server, you can find the details with the free SSL Server Test.
Why you need to disable TLS 1.0
Security researchers have discovered many vulnerabilities in TLS 1.0. An attacker can generate specially crafted plaintext input and decrypt confidential data from a TLS 1.0 session.
How to fix the TLS 1.0 vulnerability
TLS 1.0 support should be disabled. You can follow the simple steps below to secure your server.
On Apache (mod_ssl), you can configure it with the following directive.
SSLProtocol All -SSLv2 -SSLv3 -TLSv1
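As an added example (not code from the original post), the following Python checker applies mod_ssl's parsing rules to an SSLProtocol argument and reports which legacy versions would still be enabled. It models Apache 2.4 behaviour: a bare token replaces everything set before it, while `+`/`-` add or remove; the expansion of `All` used here is an assumption for that version.

```python
"""Audit an Apache mod_ssl `SSLProtocol` argument for legacy protocol versions.

Constructed example for this article. Rules modelled: `All` expands to every
version listed in ALL; a `+` prefix adds, `-` removes; a bare token replaces
whatever was set so far (Apache logs a warning for that case).
"""
from __future__ import annotations

KNOWN = ["SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]
# Assumed expansion of `All` for mod_ssl 2.4 (SSLv2 is no longer included).
ALL = {"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}
# Versions that PCI DSS no longer treats as strong cryptography.
LEGACY = {"SSLv2", "SSLv3", "TLSv1"}


def enabled_protocols(directive: str) -> tuple[set[str], list[str]]:
    """Return (enabled versions, warnings) for the directive's argument string."""
    enabled: set[str] = set()
    warnings: list[str] = []
    for word in directive.split():
        action = ""
        if word[0] in "+-":
            action, word = word[0], word[1:]
        if word.lower() == "all":
            this = set(ALL)
        else:
            match = next((k for k in KNOWN if k.lower() == word.lower()), None)
            if match is None:
                raise ValueError(f"unknown protocol token {word!r}")
            this = {match}
        if action == "-":
            enabled -= this
        elif action == "+":
            enabled |= this
        else:
            # A bare token replaces everything before it: `TLSv1.2 TLSv1.3`
            # without prefixes leaves only TLSv1.3 enabled.
            if enabled:
                warnings.append(f"{word!r} overrides earlier protocols; missing +/- prefix?")
            enabled = this
    return enabled, warnings


def audit(directive: str) -> list[str]:
    """List the legacy protocol versions the directive would still enable."""
    enabled, _ = enabled_protocols(directive)
    return sorted(enabled & LEGACY)


if __name__ == "__main__":
    for line in ("All", "All -SSLv2 -SSLv3 -TLSv1", "TLSv1.2 TLSv1.3"):
        print(f"SSLProtocol {line:<26} legacy={audit(line)} warnings={enabled_protocols(line)[1]}")
```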
Microsoft strongly recommends that all servers be kept up to date with the latest patches.
Follow the steps below to disable TLS 1.0 on Windows Server.
- Download the IISCrypto application from the NARTAC SOFTWARE site.
- Open IISCrypto and uncheck the unwanted protocols, including TLS 1.0.
- You can also use the Best Practices option.
- Open the RUN dialog, type gpedit.msc to open Group Policy and press ENTER.
- Go to Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options.
- Enable "System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing".
- Reboot the server to apply the registry and policy changes.