RE: SSL Ciphers

["Dimitris Petropoulos" <D.Petropoulos () encodegroup com>]

Hi pagvac,

> Basically I'm interested in the following:
...
> - hardening guidelines that illustrate how to disable weak 
> ciphers from popular web servers such as Apache and IIS

Here are the resources for the most popular web servers:

IIS:
http://support.microsoft.com/?kbid=245030
http://support.microsoft.com/default.aspx?scid=kb;en-us;187498

Apache: 
http://httpd.apache.org/docs-2.0/mod/mod_ssl.html#sslciphersuite

IBM HTTP Server: 
http://www-306.ibm.com/software/webservers/httpservers/doc/v1312/ibm/9ac
dssl.htm
(look for SSLVersion and SSLCipherSpec)

iPlanet v6: 
http://docs.sun.com/source/816-5682-10/esecurty.htm#1008479

Best regards,
---------------------------------
Dimitrios Petropoulos, MSc InfoSec, CISSP

Managing Director
ENCODE Middle East FZ-LLC
Dubai Internet City
P.O. Box 500328 - Dubai, U.A.E.
web: www.encodegroup.com
--------------------------------
ENCODE S.A. - HQs
3, R.Melodou Str
151 25 Maroussi
Athens, Greece
Tel: +30210-6178410
Fax: +30210-6109579
---------------------------------


******************************************************************
Any views expressed in this message are those of the
individual sender, except where the sender specifically
states them to be the views of ENCODE S.A.
******************************************************************


-------------------------------------------------------------------------
This List Sponsored by: SpiDynamics

ALERT: "How A Hacker Launches A Web Application Attack!"
Step-by-Step - SPI Dynamics White Paper
Learn how to defend against Web Application Attacks with real-world
examples of recent hacking methods such as: SQL Injection, Cross Site
Scripting and Parameter Manipulation

https://download.spidynamics.com/1/ad/web.asp?Campaign_ID=701300000003gRl
--------------------------------------------------------------------------