0

I am currently seeing a vulnerability post scanning for Downgrade Prevention Attack on my website. I did a quick check on Google and figured out that TLS Fallback Signaling Cipher Suite Value (SCSV) can be used for preventing protocol downgrade attacks.

But can anyone suggest what changes I will have to make to my IBM HTTP Server conf files to prevent this vulnerability? If not, how can we implement TLS Fallback Signaling Cipher Suite Value (SCSV)?

djrecker.

Max
  • I think you should try this question on http://security.stackexchange.com/ or http://serverfault.com/ – regilero Apr 23 '15 at 07:46

1 Answer

2

IHS doesn't support SCSV, which is a protocol that enables browsers to do slightly less unsafe non-TLS negotiation when they see connections abruptly closed.

You could disable SSLv3 so there is no "weak" protocol to allow this to downgrade to.

covener
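
An added example, not part of the original answer or of IBM's documentation: a small Python check that reads an IHS-style `httpd.conf` and lists the SSL-enabled virtual hosts that lack `SSLProtocolDisable SSLv3`. The sample configuration, its host names and the rule that every block must carry its own directive (no reliance on inheritance from the global scope) are assumptions.

```python
import re

# Constructed sample of an IBM HTTP Server httpd.conf (not from the original post).
SAMPLE_CONF = """\
LoadModule ibm_ssl_module modules/mod_ibm_ssl.so
Listen 443
<VirtualHost *:443>
    ServerName www.example.test
    SSLEnable
    SSLProtocolDisable SSLv2 SSLv3
</VirtualHost>
<VirtualHost *:8443>
    ServerName admin.example.test
    SSLEnable
    # SSLProtocolDisable SSLv3   (commented out)
</VirtualHost>
<VirtualHost *:80>
    ServerName plain.example.test
</VirtualHost>
"""

def vhosts_allowing_sslv3(conf_text):
    """Return addresses of SSL-enabled <VirtualHost> blocks that do not disable SSLv3.

    Assumption: each block must carry its own SSLProtocolDisable line; the
    check deliberately ignores anything set in the global scope.
    """
    flagged = []
    current = None  # state of the block being read, or None outside a block
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):  # skip blanks and comment lines
            continue
        opened = re.match(r"<VirtualHost\s+([^>]+)>", line, re.I)
        if opened:
            current = {"addr": opened.group(1).strip(), "ssl": False, "off": set()}
        elif re.match(r"</VirtualHost>", line, re.I) and current:
            if current["ssl"] and "sslv3" not in current["off"]:
                flagged.append(current["addr"])
            current = None
        elif current is not None:
            words = line.split()
            if words[0].lower() == "sslenable":
                current["ssl"] = True
            elif words[0].lower() == "sslprotocoldisable":
                current["off"].update(w.lower() for w in words[1:])
    return flagged

if __name__ == "__main__":
    print(vhosts_allowing_sslv3(SAMPLE_CONF))
```
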