IIS Server Security - IIS6 and SSLv2

This is Interesting: Free IT Magazines  
Home > Archive > IIS Server Security > August 2006 > IIS6 and SSLv2





You are viewing an archived Text-only version of the thread. To view this thread in it's original format and/or if you want to reply to this thread please [click here]

Author IIS6 and SSLv2
Blake

2006-08-14, 1:20 pm

Our InfoSec people are obviously bored. Is there a straightforward to way
to configure IIS 6.0 to not allow client connections using SSLv2 (and only
respond to SSLv3)?

I have read the following:
http://support.microsoft.com/kb/299875/en-us
http://support.microsoft.com/kb/216482
http://support.microsoft.com/kb/245030/

These only discuss disabling certain ciphers.

I imagine that IIS 7 won't support SSLv2, as an aside.

Thanks
Blake


Blake

2006-08-14, 1:20 pm

After posting, I found this:

http://support.microsoft.com/defaul...kb;en-us;187498

I'll try it and report back.
Blake

"Blake" <blake_duffey@NOSPAM.hotmail.com> wrote in message
news:uN65q%236vGHA.2436@TK2MSFTNGP06.phx.gbl...
> Our InfoSec people are obviously bored. Is there a straightforward to way
> to configure IIS 6.0 to not allow client connections using SSLv2 (and only
> respond to SSLv3)?
>
> I have read the following:
> http://support.microsoft.com/kb/299875/en-us
> http://support.microsoft.com/kb/216482
> http://support.microsoft.com/kb/245030/
>
> These only discuss disabling certain ciphers.
>
> I imagine that IIS 7 won't support SSLv2, as an aside.
>
> Thanks
> Blake
>


Sponsored Links






Free braindumps | Software forum | Database administration forum

Copyright 2003 - 2008 webservertalk.com