Disabling SSLv2/SSLv3
This article is based on the ServiceNow support article. See the original article on the ServiceNow support site: ServiceNow HI: Disabling SSLv2/SSLv3.
When active, outbound connections from an instance are forced to use TLS instead of SSL. Setting this property forces the MID Server to use TLS when making outbound connections, such as REST and SOAP requests.
| Disabling SSLv2/SSLv3 | |
|---|---|
| Property Name | glide.outbound.sslv3.disabled |
| Configuration Type | System Properties (/sys_properties_list.do) |
| Purpose | To enforce the use if TLS during all outbound connections from ServiceNow instance. |
| Requirement | Optional |
| Recommended Value | True |
| Default Behavior | Set to true. |
| Revertible behavior | N/A |
| Role required | Admin |
| Release Version | Fuji |
| Functional Impact | (Medium) This remediation would enforce the usage of TLS protocol version when communicating on HTTPS. If there are devices that customer/users of the instance are using do not support TLS communication, there will be potential outage. |
| Security Risk | (Medium) Due to a number of Client side attacks such as BEAST, SSL heart-bleed etc, legacy versions of SSL were proven to be insecure when utilized for HTTP secure shell implementation. |
| Workaround | No alternate method available. |
