The Weblogs no longer offer SSL v2.0

Reading Time: < 1 minute

CertificateAs you might be aware, the Weblogs offers the ability to encrypt all http traffic to and from the website using Secure Sockets Layer (SSL) since December 2010. To enable this, you only need to direct your traffic to instead of The functionality also includes feeds and (when you’re a blogger with us) the ability to securely post blogposts, comments and articles.

In its (default) configuration, the Weblogs offered both SSL v2.0, SSL v3.0, TLS v1.0, TLS v1.1 and TLS v1.2. Per last Saturday, the webserver has SSL v2.0 disabled, due to its inherited weaknesses in and its attack surface that may be used by the SSL BEAST ("Browser Exploit Against SSL/TLS") attack, allowing man in the middle (MITM) attacks.

We used IIS Crypto to make the necessary changes and checked the health of our SSL implementation here.

When you use, you can feel much safer.

Sander Berkouwer, CTO of the Weblogs

Author: Sander Berkouwer

Sander Berkouwer is the author of the Active Directory Administration Cookbook, speaker and blogger at and He is awarded Microsoft MVP, Veeam Vanguard and VMware vExpert. Since 2009, Microsoft has awarded Sander with the Most Valuable Professional (MVP) award. Since 2016, Veeam has awarded Sander with the Veeam Vanguard award.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.