Setup SSL level 3 on port 443 - upgrade from current level 2

Posted on 2009-02-21
Last Modified: 2012-05-06
My server currently runs IIS for ASP access through port 443 (https). The security scan told us SSL level 2 encrypts traffic using a protocol with known weaknesses.

Does anyone know how and where to get SSL level 3 to install on our server?

Thank you.

Question by:mshox1
    LVL 36

    Expert Comment

    by:Bing CISM / CISSP
    Are you talking about SSL 3.0?

    However, if you do want to make your web server accessible over SSL 3.0 only, you may refer to the following MSKB article to hack your IIS (from v4 to v6):

    How to Restrict the Use of Certain Cryptographic Algorithms and Protocols in Schannel.dll

    But be aware that for a successful secured connection, both the server and the client side should support the same protocol (such as SSL 2.0/3.0 or TLS 1.0) at the same time. Not all web browsers support SSL 3.0, by default or by design. That's why MS didn't make IIS work with SSL 3.0 only by default.

    Compatibility issues must be considered before deploying a security solution.

    Hope it helps,

    Author Comment


    Yes, we do want to upgrade to SSL 3.0 in the server settings. Compatibility is not an issue, because 99.99% of our users are already using IE 6.0 or higher.

    Does the article tell us how to do this setting?

    Also, please confirm that this has nothing to do with getting an SSL 3.0 certificate from a VeriSign-like company.

    Thank you for your help, and please confirm.


    LVL 36

    Accepted Solution

    > Does the article tell us how to do this setting?

    According to MS, "this article provides the necessary information to configure the Windows NT 4.0 Service Pack 6 and later TLS/SSL Security Provider. You can use the Windows registry to control the use of specific SSL 3.0 or TLS 1.0 cipher suites with respect to the cryptographic algorithms supported by Microsoft Base or Enhanced Cryptographic Provider."

    > this has nothing to do with getting an SSL 3.0 certificate from a VeriSign-like company.

    Correct. SSL is a *protocol* to encrypt communication data; a certificate is a *signature* to authenticate the owner of the data.

    Hope it helps,

    Author Comment

    bbao, very useful info.
    However, we are using MS Server 2003. Are the procedures the same as for Windows NT 4.0?

    Since this should be a very "standard" procedure, can we get a list of steps (a command macro or the like)
    so we can just follow it? Or some "batch" file we can just execute?

    The document seems pretty complicated to read.

    Thank you for your help.


    Author Closing Comment

    Thank you very much. Excellent response. I got this issue resolved.
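
The batch file requested in the thread could look like the following on Windows Server 2003; this is an added example, not code from the thread or from Microsoft. It assumes the Schannel `Protocols` registry key and the `Enabled` DWORD value that the referenced Microsoft article describes, and the backup file name is an arbitrary choice.

```batch
@echo off
rem Added example: disable server-side SSL 2.0 in Schannel so IIS stops
rem accepting it, leaving SSL 3.0 and TLS 1.0 as they are.
rem Run from an administrator command prompt.
setlocal
set "BASE=HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols"
rem Assumption: backup location chosen for this example.
set "BACKUP=%TEMP%\schannel-protocols-backup.reg"

rem 1. Refuse to overwrite an earlier backup, then save the current settings
rem    so the change can be rolled back with "reg import".
if exist "%BACKUP%" (
    echo Backup file already exists: "%BACKUP%". Move it away and run again.
    exit /b 1
)
reg export "%BASE%" "%BACKUP%"
if errorlevel 1 (
    echo Backup failed, no changes were made.
    exit /b 1
)

rem 2. Enabled=0 under the Server subkey switches the protocol off for
rem    inbound connections. The Client subkey is a separate setting and
rem    is not touched here.
reg add "%BASE%\SSL 2.0\Server" /v Enabled /t REG_DWORD /d 0 /f
if errorlevel 1 (
    echo Could not write the Enabled value. Restore with: reg import "%BACKUP%"
    exit /b 1
)

rem 3. Print the resulting protocol settings for the change record.
reg query "%BASE%" /s

echo.
echo SSL 2.0 is disabled for server connections after the next restart.
echo Roll back with: reg import "%BACKUP%"
endlocal
```

Schannel reads these values at startup, so restart the server and repeat the security scan to confirm that SSL 2.0 is no longer offered. The `SSL 3.0\Server` subkey takes the same `Enabled` value; SSL 3.0 has since been deprecated (RFC 7568), so on current systems it should be switched off the same way in favour of TLS.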
