RE: SSL v2/v3 configuration

["Dimitris Petropoulos" <D.Petropoulos () encode-sec com>]

Dear Gareth,

Regarding IIS:
http://support.microsoft.com/?kbid=245030
http://support.microsoft.com/default.aspx?scid=kb;en-us;187498

Regarding Apache:
http://httpd.apache.org/docs-2.0/mod/mod_ssl.html#sslciphersuite

Hope this helps.

Best regards,

-----------------------
Dimitrios Petropoulos
MSc InfoSec, CISSP

Director, Security Research & Development
 
ENCODE S.A.
3, R.Melodou Str
151 25 Maroussi
Athens, Greece
Tel: +30210-6178410
Fax: +30210-6109579
web: www.encode-sec.com
------------------------
 

> -----Original Message-----
> From: Gareth Bromley [mailto:gbromley () intstar com] 
> Sent: Friday, May 21, 2004 11:28 AM
> To: webappsec () securityfocus com
> Subject: SSL v2/v3 configuration
>
>
> As subject:
>
> Got myself stumped the other day when looking at a clients 
> configuration for a SSL webserver (on IIS) and noticed they 
> accepted SSLv2 requests. For the life of me I couldn't figure 
> out how to correct this behaviour (both IIS5 and IIS6), and 
> wondered if anyone had good pointers to how to do this (so I 
> am able to create suitable guidelines for this).
>
> Of course this got me thinking, what about other webservers 
> e.g. Netscape /iPlanet, etc which also may not be so well 
> documented. Is anyone aware of any good links detailing 
> sensible configuration for most common web serving platforms?
>
> Regards
>
> Gareth


******************************************************************
Any views expressed in this message are those of the
individual sender, except where the sender specifically
states them to be the views of ENCODE S.A.
******************************************************************