AnsweredAssumed Answered

Windows Server 2012 IIS 8.0 TLS_FALLBACK_SCSV

Question asked by Kyle Sebion on Oct 30, 2014
Latest reply on Oct 30, 2014 by Rob_T


The SSL report of a website from the company I work for shows:

Downgrade attack preventionNo, TLS_FALLBACK_SCSV not supported (more info)


The website is hosted on Windows Server 2012 with IIS 8.0.

So far, I have been unable to determine how to enable TLS_FALLBACK_SCSV in IIS 8.0.

I would like to enable TLS_FALLBACK_SCSV so that allowing SSL 3.0 is less of a problem.


A post (here) seems to indicate that TLS_FALLBACK_SCSV isn't needed for Windows Server 2012 with IIS 8.0.


However, the report doesn't seem to take into account that TLS_FALLBACK_SCSV isn't needed.


Does anybody have guidance for my situation?