Re: Encryption Level of web site

[Nicholas Diotte <xphox () xphox net>]

In-Reply-To: <200306181221.29528.pboucher () gardienvirtuel com>

Patrick,

You can specify which levels you would like your webserver to communicate 
at, I'm not sure which webserver your running, so I'll give you an example 
of my ssl.conf for apache.

SSLProtocol -ALL +SSLv3 +TLSv1
#SSLCipherSuite 
ALL:ADH:EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCipherSuite ALL:!aNULL:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM

As you can see I've modified the original SSLCipherSuite to ensure what I 
feel is a more secure choice.

Hope this helps,
Nick



> Greetings,
>
>  I would like to know what are the permited (and deny) encryption Level 
on a 
> Web Site.
>
> Nessus tell me that my target host accept 40 bit, 56 bits and 128 bits 
> encryptions.. 
>
> I would like to know how that information was obtained?
>
> How can i get that information?(Without using Nessus) In Linux and 
Windows ?
> Thank you.
> -- 
> Patrick Boucher

---------------------------------------------------------------------------
Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts!
The Gartner Group just put Neoteris in the top of its Magic Quadrant,
while InStat has confirmed Neoteris as the leader in marketshare.
     
Find out why, and see how you can get plug-n-play secure remote access in
about an hour, with no client, server changes, or ongoing maintenance.
          
Visit us at: http://www.neoteris.com/promos/sf-6-9.htm
----------------------------------------------------------------------------