PCI Scan and SSLv2

Posted on 2010-09-20
Medium Priority
Last Modified: 2013-12-04
I have an SBS2008 server running Exchange and OWA. My client is very happy with it and makes a lot of use of OWA.

However, he also needs PCI scans from his credit card processing company to check whether his network is secure. This is a requirement and is essentially a fancy port scan. Unfortunately, port 443 and OWA fail the security test. This is because OWA accepts SSLv2 connections; in order to pass the test I must restrict the server to only accept SSLv3 connections.

Has anyone already dealt with this? These security scans are pretty commonplace.
Question by: FutureOak

Author Comment

ID: 33717346
Sorry, I should have added more info. I have already found the KB article


Which talks about it but the settings do not seem to relate to my SBS2008 install. It talks about keys in

HKey_Local_Machine\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols

My server has only one key in there, for SSL 2.0. However, this is for the client only, and the article talks about changing the server entry in the registry.

I think I am in the right area but don't fancy randomly changing registry settings that 'look right' on a production server :)

Accepted Solution

Cris Hanna earned 2000 total points
ID: 33722290

Author Closing Comment

ID: 33743724
Spot on. I followed the article, they ran a PCI test last night, and the server in question passed. Many thanks.
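An added example, not part of the original thread or of the KB article it refers to: a PowerShell script that lists what is currently under the SCHANNEL Protocols key discussed above and, only when run with -Apply, creates the server-side SSL 2.0 entry. It assumes the switch is the `Enabled` DWORD (value 0) under `SSL 2.0\Server`, which is the SCHANNEL setting Microsoft documents; the `-Apply` parameter, the function name and the backup file name are made up for this example.

```powershell
# Added example: audit, and optionally set, the server-side SSL 2.0 switch in SCHANNEL.
param([switch]$Apply)   # read-only unless -Apply is given

$protocols = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'

function Get-SchannelState {
    # One row per protocol\role subkey that actually exists (e.g. "SSL 2.0\Client").
    foreach ($proto in Get-ChildItem -Path $protocols -ErrorAction SilentlyContinue) {
        foreach ($role in Get-ChildItem -Path $proto.PSPath) {
            $values = Get-ItemProperty -Path $role.PSPath
            New-Object PSObject -Property @{
                Protocol          = $proto.PSChildName
                Role              = $role.PSChildName
                Enabled           = $values.Enabled            # empty when the value is absent
                DisabledByDefault = $values.DisabledByDefault
            }
        }
    }
}

Write-Output 'Current SCHANNEL protocol settings:'
Get-SchannelState | Format-Table Protocol, Role, Enabled, DisabledByDefault -AutoSize

$serverKey = Join-Path $protocols 'SSL 2.0\Server'
$current   = Get-ItemProperty -Path $serverKey -Name Enabled -ErrorAction SilentlyContinue

if ($current -and $current.Enabled -eq 0) {
    Write-Output 'SSL 2.0 is already disabled for the server role.'
}
elseif (-not $Apply) {
    Write-Output 'SSL 2.0\Server has no Enabled=0 value. Re-run with -Apply to create it.'
}
else {
    # Export the whole Protocols key first so the change can be rolled back.
    $backup = Join-Path $env:TEMP ('schannel-protocols-{0:yyyyMMdd-HHmmss}.reg' -f (Get-Date))
    reg.exe export ($protocols -replace '^HKLM:', 'HKLM') $backup /y | Out-Null
    if (-not (Test-Path $serverKey)) { New-Item -Path $serverKey -Force | Out-Null }
    New-ItemProperty -Path $serverKey -Name Enabled -Value 0 -PropertyType DWord -Force | Out-Null
    # SCHANNEL reads these values at startup, so the change needs a reboot to take effect.
    Write-Output "Set Enabled=0 under SSL 2.0\Server (backup: $backup). Reboot to apply."
}
```

Run it without parameters first from an elevated prompt; the table shows whether only the `Client` subkey exists, as described in the author comment.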

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

An Incident response plan is an organized approach to addressing and managing an incident. The goal is to handle the situation in a way that limits damage and reduces recovery time and costs.
In computing, Vulnerability assessment and penetration testing are used to assess systems in light of the organization's security posture, but they have different purposes.
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager
Suggested Courses

597 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question