Security Basics mailing list archives

RE: Encryption Level of web site

From: "Michaels, Tod" <Tod.Michaels () constellation com>
Date: Wed, 18 Jun 2003 15:56:27 -0400

I believe what you are looking for may be found in the Windows registry, as
outlined in MS article Q241447, "How to Restrict the Use of Certain Ciphers
in Internet Information Services 5.0".  These registry keys indicate which
SSL and TSL encryption ciphers are enabled on your server.

Per the article:
=============================
HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Control/SecurityProviders/SCHANN
EL/Ciphers 

Under this key, all the ciphers currently used by Schannel for secure
communications are listed. Select the one you want to disable and expand the
key.

You should see a DWORD value under the key called "Enabled." Depending on
the cipher you have selected, this value will either be set to "ffffffff" or
"000000f0" ("ffffffff" means enabled, "000000f0" means disabled).
=============================

Tod Michaels


-----Original Message-----
From: Patrick Boucher [mailto:pboucher () gardienvirtuel com]
Sent: Wednesday, June 18, 2003 12:21 PM
To: security-basics () securityfocus com
Subject: Encryption Level of web site


Greetings,

  I would like to know what are the permited (and deny) encryption Level on
a 
Web Site.

 Nessus tell me that my target host accept 40 bit, 56 bits and 128 bits 
encryptions.. 

I would like to know how that information was obtained?

How can i get that information?(Without using Nessus) In Linux and Windows ?

Thank you.
-- 
Patrick Boucher

---------------------------------------------------------------------------
Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts!
The Gartner Group just put Neoteris in the top of its Magic Quadrant,
while InStat has confirmed Neoteris as the leader in marketshare.
     
Find out why, and see how you can get plug-n-play secure remote access in
about an hour, with no client, server changes, or ongoing maintenance.
          
Visit us at: http://www.neoteris.com/promos/sf-6-9.htm
----------------------------------------------------------------------------

---------------------------------------------------------------------------
Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts!
The Gartner Group just put Neoteris in the top of its Magic Quadrant,
while InStat has confirmed Neoteris as the leader in marketshare.
     
Find out why, and see how you can get plug-n-play secure remote access in
about an hour, with no client, server changes, or ongoing maintenance.
          
Visit us at: http://www.neoteris.com/promos/sf-6-9.htm
----------------------------------------------------------------------------

Current thread:

Encryption Level of web site Patrick Boucher (Jun 18)
- Re: Encryption Level of web site Dana Epp (Jun 18)
- <Possible follow-ups>
- RE: Encryption Level of web site Michaels, Tod (Jun 18)
- Re: Encryption Level of web site Nicholas Diotte (Jun 19)
  - Re: Encryption Level of web site Patrick Boucher (Jun 20)
    - Re: Encryption Level of web site Dana Epp (Jun 21)
- Re: Encryption Level of web site Nick Diotte (Jun 21)