| dschelberg@volt.com 2004-02-27, 11:35 am |
| (Response to my own original post)
This article is clear on the how just not what ciphers
are considered weak and therefore should be disabled
http://support.microsoft.com/default.aspx?scid=kb;en-
us;216482
(from Nessus Scan)
Warning found on port https (443/tcp)
The SSLv2 server offers 4 strong ciphers, but also
0 medium strength and 2 weak "export class" ciphers.
The weak/medium ciphers may be chosen by an export-grade
or badly configured client software. They only offer a
limited protection against a brute force attack
Solution: disable those ciphers and upgrade your client
software if necessary
Nessus ID : 10863
This plugin connects to a SSL server, and
checks its certificate and the available (shared) SSLv2
ciphers.
Weak (export version) ciphers are reported.
Regards,
Danny Schelberg
CCNA, MCSE, MCP + I
Network Engineer
Procurestaff
Volt Information Sciences, Inc
>-----Original Message-----
>Has anyone adjusted their SSLv2 ciphers for IIS 5.0. The
>link below is a how to but it is very unclear about
which
>ciphers and what steps should be followed. The issue
>became apparent after a Nessus scan
>
>
>http://support.microsoft.com/default.aspx?scid=kb;en-
>us;245030&Product=win2000
>
>Warning found on port https (443/tcp)
>The SSLv2 server offers 4 strong ciphers, but also
>0 medium strength and 2 weak "export class" ciphers.
>The weak/medium ciphers may be chosen by an export-grade
>or badly configured client software. They only offer a
>limited protection against a brute force attack
>
>Solution: disable those ciphers and upgrade your client
>software if necessary
>Nessus ID : 10863
>
>This plugin connects to a SSL server, and
>checks its certificate and the available (shared) SSLv2
>ciphers.
>Weak (export version) ciphers are reported.
>
>
>
>
>Regards,
>Danny Schelberg
>CCNA, MCSE, MCP + I
>Network Engineer
>Procurestaff
>Volt Information Sciences, Inc
>
>.
>
|