Solved

SSL Ciphers IIS 5.0

Posted on 2005-03-21
Last Modified: 2009-07-29
A recent security scan on an IIS 5.0 box discovered that the server allows weak ciphers.

I found out how to disable unwanted ciphers, but I am unsure which to disable.

http://support.microsoft.com/default.aspx?scid=kb;en-us;216482

I want to disable anything less than 128-bit encryption.

Suggestions??
Question by:testtest25

Accepted Solution

by: spacity69 earned 2000 total points
ID: 13592456
I would only enable the ones with 128/128 or higher. RC2 would also be disabled on my servers. You also should only enable SSLv3.
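
The rule from the accepted answer (keep only 128/128 or higher, drop RC2), applied to the SCHANNEL cipher subkeys, as an added example that is not part of the original thread. The subkey names, the registry path and the `Enabled` values (`0xffffffff` on, `0x0` off) are taken from Microsoft's Schannel documentation rather than from this page, and the list is an assumption about what exists on the server; protocol settings such as SSLv3 are not covered.

```python
import re

# Assumption: cipher subkey names as documented by Microsoft for Schannel on
# Windows 2000-era servers. Check the list against the server's own registry.
SCHANNEL_CIPHERS = [
    "DES 56/56", "NULL", "RC2 40/128", "RC2 56/128", "RC2 128/128",
    "RC4 40/128", "RC4 56/128", "RC4 64/128", "RC4 128/128",
    "Triple DES 168/168",
]
BASE = (r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control"
        r"\SecurityProviders\SCHANNEL\Ciphers")


def keep_enabled(name, min_bits=128, banned=("RC2",)):
    """Return True if the cipher meets the minimum strength and is not banned."""
    m = re.fullmatch(r"(.+) (\d+)/(\d+)", name)
    if not m:
        # "NULL" carries no key length: it means no encryption, so disable it.
        return False
    algorithm, effective_bits = m.group(1), int(m.group(2))
    # The first number is the effective key length; "RC4 40/128" is a 40-bit
    # export cipher even though the second number reads 128.
    return effective_bits >= min_bits and algorithm not in banned


def enabled_ciphers(ciphers=SCHANNEL_CIPHERS):
    """List the ciphers that stay enabled under the rule."""
    return [name for name in ciphers if keep_enabled(name)]


def build_reg(ciphers=SCHANNEL_CIPHERS):
    """Build .reg text that sets Enabled explicitly for every listed cipher."""
    lines = ["Windows Registry Editor Version 5.00", ""]
    for name in ciphers:
        value = "ffffffff" if keep_enabled(name) else "00000000"
        lines += [f"[{BASE}\\{name}]", f'"Enabled"=dword:{value}', ""]
    return "\r\n".join(lines)


if __name__ == "__main__":
    print("Stay enabled:", ", ".join(enabled_ciphers()))
    print(build_reg())
```

Review the generated text before importing it, and re-run the security scan afterwards to confirm that only the intended ciphers are still offered.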


Expert Comment

by:tmehmet
ID: 13596252
Agreed. Use 128 and above and you should be OK.

The only thing to watch out for is that if you have users with older browsers, they may not be capable of the higher levels (128+), and by leaving the ciphers it allows clients (e.g. browsers) to negotiate a lower level of encryption.

Most people don't even realise this.

Expert Comment

by:spacity69
ID: 13601962
True, the user just asked about 128 though. I usually leave an export 40-bit enabled with a step-up certificate, then have the webserver display a nice message saying "hey, you need 128-bit SSL to use the rest of my site."

I use iPlanet web servers though, not IIS :)