Disabling SSLv2/SSLv3 (instance security hardening)
Use the glide.outbound.sslv3.disabled property to force the MID Server to use TLS when making outbound connections, such as REST and SOAP requests. Normally, outbound connections from an instance are forced to use TLS instead of SSL.
More information
| Attribute | Description |
|---|---|
| Property name | glide.outbound.sslv3.disabled |
| Configuration type | System Properties (/sys_properties_list.do) |
| Configure in Instance Security Center | Yes |
| Purpose | To enforce the use if TLS during all outbound connections from ServiceNow instance. |
| Recommended value | true Important: The value for the glide.outbound.sslv3.disabled property is a safe override and cannot be altered once changed. |
| Functional Impact | This remediation enforces the usage of TLS protocol version when communicating on HTTPS. If there are devices that customer/users of the instance are using that do not support TLS communication, there may be a potential outage. |
| Security risk | (Medium) Legacy versions of SSL were proven to be insecure when utilized for HTTP secure shell implementation, due to client-side attacks, including BEAST and SSL heart-bleed. |
To learn more about adding or creating a system property, see Add a system property.