Submit a ticketCall us

Don’t fall victim to a ransomware attack
Backups are helpful, but sometimes that’s not enough to protect your business against ransomware. At our live webcast we will discuss how to protect against ransomware attacks with SolarWinds® Patch Manager and how to leverage log data to detect ransomware. Register now for our live webcast.

Home > Success Center > Serv-U Managed File Transfer & Serv-U FTP Server > Why is SSLv3 and SSLv2 disabled in Serv-U

Why is SSLv3 and SSLv2 disabled in Serv-U

Table of contents

Updated April 26, 2017

Overview

This article provides information on why Serv-U disabled the support for Secure Socket Layer (SSL) versions 2 and 3.

Environment

Serv-U 15.1.1 and later

Detail

Serv-U 15.1.1 and later versions do not support SSL v2 and SSL v3. This is for all new and existing installations. 

Only Transport Layer Security (TLS) is supported when negotiating a secure channel with Serv-U through FTPS or HTTPS.

SSL v2 and SSL v3 are disabled due to a recent vulnerability. 

  • SSL v2 has conditions that test the security of a channel. A number of security scanning software recommend disabling SSL v2. 
  • SSL v3 is not FIPS compliant and is replaced by TLS. Most client applications that support  SSL v3 also support TLS v 1.0. There is POODLE vulnerability in SSL v3.

 

There are no changes or issues in disabling SSL v2 or v3. Modern browsers and FTP clients already support TLSv1.0.

Legacy applications and hardware that never added support for TLSv1.0 are mostly affected by disabling SSL v2 or v3. Applications will be unable to negotiate an SSL connection with Serv-U until SSLv3 is re-enabled.

See the references for more information:

(© 2017 Google Security Blog, available at www.googleblog.com, obtained on April 26, 2017). 

 

Disclaimer: Please note, any content posted herein is provided as a suggestion or recommendation to you for your internal use. This is not part of the SolarWinds software or documentation that you purchased from SolarWinds, and the information set forth herein may come from third parties. Your organization should internally review and assess to what extent, if any, such custom scripts or recommendations will be incorporated into your environment.  You elect to use third party content at your own risk, and you will be solely responsible for the incorporation of the same, if any.

 

 

Last modified
18:12, 26 Apr 2017

Tags

Classifications

Public