
Why are SSLv3 and SSLv2 disabled in Serv-U

Updated April 26, 2017

Overview

This article explains why Serv-U disabled support for Secure Sockets Layer (SSL) versions 2 and 3.

Environment

Serv-U 15.1.1 and later

Detail

Serv-U 15.1.1 and later versions do not support SSL v2 and SSL v3. This applies to all new and existing installations.

Only Transport Layer Security (TLS) is supported when negotiating a secure channel with Serv-U through FTPS or HTTPS.

SSL v2 and SSL v3 are disabled due to a recent vulnerability. 

  • SSL v2 has conditions that test the security of a channel. A number of security scanning tools recommend disabling SSL v2.
  • SSL v3 is not FIPS compliant and is replaced by TLS. Most client applications that support SSL v3 also support TLS v1.0. SSL v3 is also affected by the POODLE vulnerability.

 

There are no changes or issues in disabling SSL v2 or v3. Modern browsers and FTP clients already support TLSv1.0.

Disabling SSL v2 or v3 mostly affects legacy applications and hardware that never added support for TLSv1.0. These applications will be unable to negotiate an SSL connection with Serv-U until SSLv3 is re-enabled.
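To find the legacy clients described above before they fail, you can inspect the first bytes each client sends and read the protocol version its ClientHello offers. The Python sketch below is an added example, not Serv-U code; the function names and the sample handshake bytes are constructed for illustration, and it reports only what the client offers, not what a particular server accepts.

```python
# Added example: constructed inputs, not Serv-U code or captured traffic.
VERSION_NAMES = {(0, 2): "SSLv2", (3, 0): "SSLv3", (3, 1): "TLSv1.0",
                 (3, 2): "TLSv1.1", (3, 3): "TLSv1.2"}


def client_hello_version(data: bytes):
    """Return the (major, minor) version a ClientHello offers, or None."""
    if len(data) >= 5 and data[0] & 0x80 and data[2] == 0x01:
        # SSLv2-format hello: length(2, high bit set) msg_type(1) version(2)
        return (data[3], data[4])
    if len(data) >= 11 and data[0] == 0x16 and data[5] == 0x01:
        # Record: type(1) version(2) length(2), then handshake: type(1)
        # length(3) client_version(2), so the offer sits at offset 9.
        return (data[9], data[10])
    return None


def classify(data: bytes):
    """Return (version name, offers_tls); offers_tls False = legacy client."""
    version = client_hello_version(data)
    if version is None:
        return ("not a ClientHello", False)
    name = VERSION_NAMES.get(version, "unknown %d.%d" % version)
    # TLS 1.3 clients also send 3.3 here, so they land in the TLS group.
    return (name, version >= (3, 1))


def sample_record_hello(major: int, minor: int) -> bytes:
    """Build a minimal SSLv3/TLS-format ClientHello (constructed sample)."""
    body = (bytes([major, minor]) + bytes(32) + b"\x00"
            + b"\x00\x02\x00\x2f" + b"\x01\x00")
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x00" + len(handshake).to_bytes(2, "big") + handshake


def sample_v2_hello(major: int, minor: int) -> bytes:
    """Build a minimal SSLv2-format ClientHello (constructed sample)."""
    body = (b"\x01" + bytes([major, minor]) + b"\x00\x03\x00\x00\x00\x10"
            + b"\x01\x00\x80" + bytes(16))
    return bytes([0x80 | (len(body) >> 8), len(body) & 0xFF]) + body


if __name__ == "__main__":
    for hello in (sample_record_hello(3, 0), sample_record_hello(3, 3),
                  sample_v2_hello(0, 2), b"GET / HTTP/1.1\r\n"):
        print(classify(hello))
```

Clients reported with `offers_tls` set to `False` are the ones that need an upgrade or replacement.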

See the references for more information:

(© 2017 Google Security Blog, available at www.googleblog.com, obtained on April 26, 2017). 

 


 

 
