SSL Drown vulnerable

DoM
Posts: 1
Joined: Fri Mar 04, 2016 7:01 pm

SSL Drown vulnerable

Postby DoM » Fri Mar 04, 2016 8:34 pm

Hello,
in according to this scanner, last version of mail enable 9.0.4 professional is vulnerable: https://drownattack.com/#check

What we have to do in order to put mail enable in secure and disabling SSLv2 support ?


Waiting for your reply

Regards

MailEnable-Ian
Site Admin
Posts: 8665
Joined: Mon Mar 22, 2004 4:44 am
Location: Melbourne, Victoria, Australia

Re: SSL Drown vulnerable

Postby MailEnable-Ian » Sun Mar 06, 2016 11:53 pm

HI,

MailEnable uses the Windows cryptographic API to do the SSL setup/configuration, so you would need to disable SSLv2 on the server. There are a few articles on the web on how to disable this, for example:

http://www.hosting.com/support/pci-security-scan/disable-sslv2-for-microsoft-iis7-under-windows-server-2008-64bit
Regards,

Ian Margarone
MailEnable Support

Who is online

Users browsing this forum: No registered users and 12 guests