The SSL report of a website from the company I work for shows:
|Downgrade attack prevention||No, TLS_FALLBACK_SCSV not supported (more info)|
The website is hosted on Windows Server 2012 with IIS 8.0.
So far, I have been unable to determine how to enable TLS_FALLBACK_SCSV in IIS 8.0.
I would like to enable TLS_FALLBACK_SCSV so that allowing SSL 3.0 is less of a problem.
A post (here) seems to indicate that TLS_FALLBACK_SCSV isn't needed for Windows Server 2012 with IIS 8.0.
However, the report doesn't seem to take into account that TLS_FALLBACK_SCSV isn't needed.
Does anybody have guidance for my situation?