kdschool
asked on
TLS/SSL Diable 3DES ciper suites
I am being told I have a security vulnerability and not sure how to proceed. Here is the message with the instructions There is no good way to fix such design flaw. Users should config their TLS/SSL implementation to disable 3DES cipher suites. For compatible consideration, OpenSSL move 3DES cipher suites from HIGH to MEDIUM. But this still leave a door to exploit the vulnerability. So it recommended user to update to 1.1.0 or later in order to completely disable 3DES cipher suites.
I am using the Nartac IIS Crypto and the DES 56/56 is off the only other one it Triple DES 168. Is this what I need to turn off or can you tell me how to handle this and will it impact my web server if I turn it off.
I attached my current server settings.
IIS-CryptoSettings-.docx
I am using the Nartac IIS Crypto and the DES 56/56 is off the only other one it Triple DES 168. Is this what I need to turn off or can you tell me how to handle this and will it impact my web server if I turn it off.
I attached my current server settings.
IIS-CryptoSettings-.docx
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER