On a recent Lync deployment at a client site, it was brought to my attention from the security team that SSLv2 was enabled on the Edge Server. I have never heard of this being a vulnerability but then again I am not a security expert. So looking into it and knowing that the Lync 2010 Edge server does not use SSL for any communications (it uses TLS and MTLS), we disabled SSLv2 following the instructions on this link. Then ran this cool online tool to test if the server has SSLv2 enabled by entering in the FQDN of the Access Edge server showing in green letters that the test passed and SSLv2 was disabled on the Access Edge server. The security expert also ran his tests on the server and verified that SSLv2 was disabled. We performed a full battery of Lync functionality testing involving the Edge server and it still worked without any issues.
Cheers this helped a lot.
ReplyDelete