Our team is being told to investigate whether our Windows infrastructure contains misconfig encryption.
I sample a few WIN2012 web servers, open up the registry and look at the secured channel settings. I see TLS 1.1 client and TLS 1.1 server are enabled. Some servers have SSL 2.0 client presents but not enabled. No SSL 3 or TLS present.
Would somone educate me how the secured channel protocols being added into the registry?
I understand that SSL 2 and 3 are old and they should be disabled. What is the best way to ensure the disable process will not affect our current applications?
I usually deal with adding secured certificates to the web servers but do not pay attention of what schannel protcol is used.
Thank you very much.