mshox1
asked on
Setup SSL level 3 on port 443 - upgrade from current level 2
My server currently runs IIS for access asp through port 443 (https). The security scan told us SSL level 2 using encrypts traffic using a protocol with known weakness.
is anyone know how and where to get the SSL level 3 to install on our server?
thank you
is anyone know how and where to get the SSL level 3 to install on our server?
thank you
ASKER
bbao,
yes, we do want to upgarde to SSL 3.0 on the server setting. The compatibility is not an issues, because 99.99% of our user are already using ie 6.0 or higher.
is the articical in support.micosoft.com/kb/24
also, please confirm, this has nothing to do with the get the SSL 3.0 certificate from verisign alike company.
thank you for your help, and please confirm.
mshox1
yes, we do want to upgarde to SSL 3.0 on the server setting. The compatibility is not an issues, because 99.99% of our user are already using ie 6.0 or higher.
is the articical in support.micosoft.com/kb/24
also, please confirm, this has nothing to do with the get the SSL 3.0 certificate from verisign alike company.
thank you for your help, and please confirm.
mshox1
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
bbao, very useful info.
however we are using MS server 2003. is the procedures the same as window NT 4.0?
Since this should be a very "starndard" procedures, can we get a list of steps (command micro alike)
so we can just follow it. or some "batch" file we can just execute it?
the document seems pretty complicate to read.
thank you for your help
mshox1
however we are using MS server 2003. is the procedures the same as window NT 4.0?
Since this should be a very "starndard" procedures, can we get a list of steps (command micro alike)
so we can just follow it. or some "batch" file we can just execute it?
the document seems pretty complicate to read.
thank you for your help
mshox1
ASKER
thank you very much. excellent response. I get this issues resolved.
however, if you do want to make your web server SSL 3.0-only accessible, you may refer to the following MSKB article to hack your IIS (from v4 to v6)
How to Restrict the Use of Certain Cryptographic Algorithms and Protocols in Schannel.dll
http://support.microsoft.com/kb/245030
but, be aware that for a successful secured connection, both server and client side should support the same protocol (such as SSL 2.0/3.0 or TLS 1.0) at the same time. not all web browser support SSL 3.0, by default or by design. that's why MS didn't make IIS work with SSL 3.0 only by default.
compatibility issue must be considered before deploying a security solution.
hope it helps,
bbao