Solved

Weak SSL Ciphers & Insecure Version of SSL Protocol Accepted

Posted on 2007-11-30
2
4,835 Views
Last Modified: 2012-06-27
On a Windows 2000 server web server i need to be able to perform the following actions.

The SSL configuration should be changed so that connections using weak (that is, less than 128-bit) encryption ciphers are rejected.

And

The SSL configuration on the listed hosts should be changed so that SSL connections using the insecure version 2 protocol are not accepted.


0
Comment
Question by:Cooker4246
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 37

Accepted Solution

by:
meverest earned 125 total points
ID: 20385482
On directory security tab, click 'edit' in 'secure connections', check 'require ssl' and 'require 128 bit'

Cheers.
0
 
LVL 34

Assisted Solution

by:Dave_Dietz
Dave_Dietz earned 125 total points
ID: 20409216
For the second part of your question please see the following KB article:

How to Restrict the Use of Certain Cryptographic Algorithms and Protocols in Schannel.dll
http://support.microsoft.com/kb/245030/en-us

And to a lesser extent:

How to control the ciphers for SSL and TLS
http://support.microsoft.com/kb/216482/en-us

Dave Dietz
0

Featured Post

Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

#SSL #TLS #Citrix #HTTPS #PKI #Compliance #Certificate #Encryption #StoreFront #Web Interface #Citrix XenApp
A phishing scam that claims a recipient’s credit card details have been “suspended” is the latest trend in spoof emails.
There's a multitude of different network monitoring solutions out there, and you're probably wondering what makes NetCrunch so special. It's completely agentless, but does let you create an agent, if you desire. It offers powerful scalability …
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…

630 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question