Cannot Pass A PCI Compliance Scan Because of SSLv2

Trying to pass a PCI compliance scan via Control Scan but keeps failing due to SSLv2 or a weak cipher is enabled. All I see in the registry is SSLv2 and I have disabled it and restarted with no luck. I'm under the impression that SSLv3 is enabled by default after disabling SSLv2?
MasterComputingAsked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
arober11Connect With a Mentor Commented:
What version of Windows Sever / IIS?

Have you checked you registry for the appropriate value e.g. To quote Microsoft:

1. Is it possible to disable SSLv2 on a DC so that secure LDAP communication is forced to use SSLv3 or TLSv1?
Yes it is possible to disable SSLv2 on a DC. Please find below the registry changes that has to be done on the DC to disable it,
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server]
"Enabled"=dword:00000000
If the above registry key does not exist please create and reboot the server for the registry key to come into effect.
Refer Article: How to Restrict the Use of Certain Cryptographic Algorithms and Protocols in Schannel.dll : http://support.microsoft.com/kb/245030/en-us 


Also to be sure the SSL2 in not supported, grab yourself a copy of the OpenSSL tool, and scan your own site to see what's available, from a public network e.g.

openssl s_client -no_tls1 -no_ssl3 -connect www.yourHost.com:443

Open in new window


The OWASP project offers assorted info on how to test your own site.
0
 
MasterComputingAuthor Commented:
Under: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0,

Instead of Server, it was client that was set to DWORD=0. Added Server and passed the scan. Thanks!
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.