WebApp Sec mailing list archives
RE: SSL v2/v3 configuration
From: "Dimitris Petropoulos" <D.Petropoulos () encode-sec com>
Date: Fri, 21 May 2004 17:01:22 +0300
Dear Gareth, Regarding IIS: http://support.microsoft.com/?kbid=245030 http://support.microsoft.com/default.aspx?scid=kb;en-us;187498 Regarding Apache: http://httpd.apache.org/docs-2.0/mod/mod_ssl.html#sslciphersuite Hope this helps. Best regards, ----------------------- Dimitrios Petropoulos MSc InfoSec, CISSP Director, Security Research & Development ENCODE S.A. 3, R.Melodou Str 151 25 Maroussi Athens, Greece Tel: +30210-6178410 Fax: +30210-6109579 web: www.encode-sec.com ------------------------
-----Original Message----- From: Gareth Bromley [mailto:gbromley () intstar com] Sent: Friday, May 21, 2004 11:28 AM To: webappsec () securityfocus com Subject: SSL v2/v3 configuration As subject: Got myself stumped the other day when looking at a clients configuration for a SSL webserver (on IIS) and noticed they accepted SSLv2 requests. For the life of me I couldn't figure out how to correct this behaviour (both IIS5 and IIS6), and wondered if anyone had good pointers to how to do this (so I am able to create suitable guidelines for this). Of course this got me thinking, what about other webservers e.g. Netscape /iPlanet, etc which also may not be so well documented. Is anyone aware of any good links detailing sensible configuration for most common web serving platforms? Regards Gareth
****************************************************************** Any views expressed in this message are those of the individual sender, except where the sender specifically states them to be the views of ENCODE S.A. ******************************************************************
Current thread:
- SSL v2/v3 configuration Gareth Bromley (May 21)
- <Possible follow-ups>
- RE: SSL v2/v3 configuration Dimitris Petropoulos (May 21)