WebApp Sec mailing list archives
RE: Disable SSL v2 ciphers on IIS 5.0
From: "Doug Markiewicz" <doug.markiewicz () vigilantminds com>
Date: Wed, 19 Jul 2006 10:11:51 -0400
The article you pointed to covers disabling protocols not ciphers. You should disable everything but SSLv3 and TLSv1 on the protocol front. You also want to restrict the ciphers that are available. This is a separate registry change. The following link should help you out: How to control the ciphers for SSL and TLS http://support.microsoft.com/kb/216482 How to Restrict the Use of Certain Cryptographic Algorithms and Protocols in Schannel.dll http://support.microsoft.com/kb/245030/ -----Original Message----- From: secmail.lists () gmail com [mailto:secmail.lists () gmail com] Sent: Tuesday, July 18, 2006 4:53 PM To: webappsec () securityfocus com Subject: Disable SSL v2 ciphers on IIS 5.0 All - I am looking to have a client disable SSL v2 ciphers on IIS 5.0 any idea on how to do it? I checked technet and others and it seems to be a mistery. I reommended the follwing: http://support.microsoft.com/kb/187498/en-us The admin made the registry changes and bounced the server yet the ciphers still report they are available (note I used openssl s_client ... to test) Thanks Don ------------------------------------------------------------------------ - Sponsored by: Watchfire AppScan 6.5 is now available! New features for Web Services Testing, Advanced Automated Capabilities for Penetration Testers, PCI Compliance Reporting, Token Analysis, Authentication testing, Automated JavaScript execution and much more. Download a Free Trial of AppScan today! https://www.watchfire.com/securearea/appscancamp.aspx?id=70150000000CYkc ------------------------------------------------------------------------ - ------------------------------------------------------------------------- Sponsored by: Watchfire AppScan 6.5 is now available! New features for Web Services Testing, Advanced Automated Capabilities for Penetration Testers, PCI Compliance Reporting, Token Analysis, Authentication testing, Automated JavaScript execution and much more. Download a Free Trial of AppScan today! https://www.watchfire.com/securearea/appscancamp.aspx?id=70150000000CYkc -------------------------------------------------------------------------
Current thread:
- Disable SSL v2 ciphers on IIS 5.0 secmail . lists (Jul 18)
- Re: Disable SSL v2 ciphers on IIS 5.0 Eoin Miller (Jul 19)
- <Possible follow-ups>
- RE: Disable SSL v2 ciphers on IIS 5.0 Doug Markiewicz (Jul 19)
- RE: Disable SSL v2 ciphers on IIS 5.0 xxradar (Jul 20)