cindyfiller
asked on
how to fix issue: SSL Medium strength cipher suites supported
I get a weekly Nessus scan and I have an issue that reads: SSL Medium strength cipher suites supported. Can someone give me specific steps to correct this? It is a Windows 2008 R2 server. I've found tons of articles, but can't find specific steps. In regedit I don't have anything under Cipher suites. Under ciphers I have 3 RC4 records: 128/128, 40/128, 56/128. All of them have a dword of Enabled with a value of 0... I think that was the proper fix for this issue.
I have several items under Protocols (2 SSL and 2 TLS) and all have Disabled by Default with a value of 1 and Enabled with a value of 0.
From what I've read these are the proper settings??
ASKER
BTW, after running the IIScrypto the ssllabs test rated the site with an A (instead of a B). I find it odd that the Nessus scans are still coming up with the same error. But I believe I know what to change manually that will fix this. I'll restart the servers tonight and will be able to verify if all issues have been resolved this weekend.
Thanks for the continued input.
ASKER
This issue took a combination of both suggestions. IIScrypto added more of the ciphers, but I had to manually go back and disable the AES and Triple DES ciphers before the entire problem was resolved. One without the other didn't work (for example, if I didn't have the Triple DES ciphers I still had the error... it was only once I had that plus disabled it that the error went away).
Thanks to both of you.
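An added example, not taken from any answer in this thread: a read-only PowerShell audit of the SCHANNEL `Ciphers` and `Protocols` registry keys the posts above describe, showing which entries are explicitly set and which are missing and therefore left at the operating system default. The function names are hypothetical, and the key name `Triple DES 168` is an assumption about how 3DES is named on this Windows version.

```powershell
# Added example: read-only audit of the SCHANNEL registry values discussed in this thread.
# The .NET registry API is used because cipher key names such as "RC4 128/128"
# contain "/", which the PowerShell registry provider treats as a path separator.
$schannel = 'SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL'

function Get-SchannelValue {          # hypothetical helper name
    param([string]$RelativePath, [string]$Name)
    $key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey("$schannel\$RelativePath")
    if ($key -eq $null) { return 'key missing (OS default applies)' }
    try {
        $value = $key.GetValue($Name)
        if ($value -eq $null) { return 'value not set (OS default applies)' }
        return ('0x{0:X8}' -f $value)   # 0x00000000 = off, 0xFFFFFFFF = on
    } finally { $key.Close() }
}

function Get-SchannelSubKeyNames {    # hypothetical helper name
    param([string]$RelativePath)
    $key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey("$schannel\$RelativePath")
    if ($key -eq $null) { return }
    try { $key.GetSubKeyNames() } finally { $key.Close() }
}

# Ciphers named in the thread; "Triple DES 168" is an assumed key name (see lead-in).
$expected = 'RC4 40/128', 'RC4 56/128', 'RC4 128/128', 'Triple DES 168'
$ciphers  = @(Get-SchannelSubKeyNames 'Ciphers') + $expected | Sort-Object -Unique

$rows = @()
foreach ($cipher in $ciphers) {
    $rows += New-Object PSObject -Property @{
        Key               = "Ciphers\$cipher"
        Enabled           = Get-SchannelValue "Ciphers\$cipher" 'Enabled'
        DisabledByDefault = 'n/a'
    }
}
# Protocol settings live one level deeper, e.g. Protocols\<protocol>\Server.
foreach ($protocol in @(Get-SchannelSubKeyNames 'Protocols')) {
    foreach ($role in @(Get-SchannelSubKeyNames "Protocols\$protocol")) {
        $path  = "Protocols\$protocol\$role"
        $rows += New-Object PSObject -Property @{
            Key               = $path
            Enabled           = Get-SchannelValue $path 'Enabled'
            DisabledByDefault = Get-SchannelValue $path 'DisabledByDefault'
        }
    }
}
$rows | Select-Object Key, Enabled, DisabledByDefault | Format-Table -AutoSize
```

Run it from an elevated prompt before and after a change; SCHANNEL reads these values at startup, so compare against a rescan only after the restart the asker mentions.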
Thanks for sharing, but strange that you mentioned disabling AES. Is it the shorter key length version of AES that you disabled, e.g. 128 length? Thought it would not matter though to the error.
ASKER
Any other thoughts?