• Status: Solved
  • Priority: Medium
  • Security: Public

Setup SSL level 3 on port 443 - upgrade from current level 2

My server currently runs IIS for access to ASP through port 443 (https). The security scan told us that SSL level 2 encrypts traffic using a protocol with known weaknesses.

Does anyone know how and where to get SSL level 3 to install on our server?

Thank you

mshox1
bbao (IT Consultant) commented:
are you talking about SSL 3.0?

however, if you do want to make your web server SSL 3.0-only accessible, you may refer to the following MSKB article to hack your IIS (from v4 to v6)

How to Restrict the Use of Certain Cryptographic Algorithms and Protocols in Schannel.dll
http://support.microsoft.com/kb/245030

but be aware that for a successful secured connection, both the server and the client side should support the same protocol (such as SSL 2.0/3.0 or TLS 1.0) at the same time. not all web browsers support SSL 3.0, by default or by design. that's why MS didn't make IIS work with SSL 3.0 only by default.

compatibility issue must be considered before deploying a security solution.

hope it helps,
bbao
 
mshox1 (Author) commented:
bbao,

yes, we do want to upgrade to SSL 3.0 in the server settings. Compatibility is not an issue, because 99.99% of our users are already using IE 6.0 or higher.

does the article at support.microsoft.com/kb/245030 tell us how to do this setting?

also, please confirm that this has nothing to do with getting an SSL 3.0 certificate from a VeriSign-like company.

thank you for your help, and please confirm.

mshox1

 
bbao (IT Consultant) commented:
> does the article at support.microsoft.com/kb/245030 tell us how to do this setting?

according to MS, "this article provides the necessary information to configure the Windows NT 4.0 Service Pack 6 and later TLS/SSL Security Provider. You can use the Windows registry to control the use of specific SSL 3.0 or TLS 1.0 cipher suites with respect to the cryptographic algorithms supported by Microsoft Base or Enhanced Cryptographic Provider."

> this has nothing to do with getting an SSL 3.0 certificate from a VeriSign-like company.

correct. SSL is a *protocol* to encrypt communication data; a certificate is a *signature* to authenticate the owner of data.

hope it helps,
bbao
 
mshox1 (Author) commented:
bbao, very useful info.
however, we are using MS Server 2003. is the procedure the same as for Windows NT 4.0?

Since this should be a very "standard" procedure, can we get a list of steps (like a command macro) so we can just follow it? or some "batch" file we can just execute?

the document seems pretty complicated to read.

thank you for your help

mshox1
 
mshox1 (Author) commented:
thank you very much. excellent response. I got this issue resolved.
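
The registry change that KB 245030 describes, written as a batch file of the kind asked for in the thread; this is an added example, not part of any post above and not Microsoft's own script. It assumes the Schannel `Protocols` key and `Enabled` value documented in that article, the built-in `reg.exe`, an administrator command prompt, and a hypothetical backup file name.

```batch
@echo off
rem Added example: disable SSL 2.0 for inbound (server) connections in Schannel.
rem Key path and the Enabled value are the ones described in KB 245030.
setlocal
set "BASE=HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols"
rem Hypothetical backup file name, written next to this script.
set "BACKUP=%~dp0schannel-protocols-backup.reg"

rem 1. Keep a copy of the current settings so the change can be rolled back.
if exist "%BACKUP%" (
    echo Backup file already exists, move it away first: %BACKUP%
    exit /b 1
)
reg export "%BASE%" "%BACKUP%"
if errorlevel 1 (
    echo Backup failed, no changes made.
    exit /b 1
)

rem 2. Show the server-side state of each protocol before the change.
call :show "SSL 2.0"
call :show "SSL 3.0"
call :show "TLS 1.0"

rem 3. Turn SSL 2.0 off on the server side only; the other protocols are untouched.
reg add "%BASE%\SSL 2.0\Server" /v Enabled /t REG_DWORD /d 0 /f
if errorlevel 1 (
    echo Could not write the Enabled value. Are you running as an administrator?
    exit /b 1
)

rem 4. Read the value back to confirm what was written.
call :show "SSL 2.0"
echo Restart the server so Schannel picks up the change, then rerun the security scan.
exit /b 0

:show
rem Prints Enabled for the protocol's Server subkey, or notes that it is unset.
reg query "%BASE%\%~1\Server" /v Enabled 2>nul || echo %~1 Server: Enabled not set, Schannel default applies
goto :eof
```

To roll back, import the backup file with `reg import` and restart. The same `Enabled` value under `SSL 3.0\Server` controls SSL 3.0, which RFC 7568 has since deprecated.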