Nessus Scan & weak ciphers

Web Server Talk > Web Servers reviews > IIS server support > IIS Server Security > Nessus Scan & weak ciphers

Last Thread Next Thread Next

Nessus Scan & weak ciphers

dschelberg@volt.com

02-27-04 03:34 PM

Has anyone adjusted their SSLv2 ciphers for IIS 5.0. The
link below is a how to but it is very unclear about which
ciphers and what steps should be followed. The issue
became apparent after a Nessus scan


http://support.microsoft.com/default.aspx?scid=kb;en-
us;245030&Product=win2000

Warning found on port https (443/tcp)
The SSLv2 server offers 4 strong ciphers, but also
0 medium strength and 2 weak "export class" ciphers.
The weak/medium ciphers may be chosen by an export-grade
or badly configured client software. They only offer a
limited protection against a brute force attack

Solution: disable those ciphers and upgrade your client
software if necessary
Nessus ID : 10863

This plugin connects to a SSL server, and
checks its certificate and the available (shared) SSLv2
ciphers.
Weak (export version) ciphers are reported.




Regards,
Danny Schelberg
CCNA, MCSE, MCP + I
Network Engineer
Procurestaff
Volt Information Sciences, Inc

[ Post a follow-up to this message ]

Most Popular forums

Apache Server	MySQL for Windows	Sendmail
Red Hat Networking	SuSe Linux	Debian Linux
FreeBSD administration	Sun Solaris administration	Unix Shell programming
WebSphere Portal Server	Exchange 2000 administration	PostgreSQL administration
Linux Security	Computer Security	Firewalls

Forum Jump:

Forum Rules:

You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

HTML code is OFF
vB code is ON
Smilies are ON
[IMG] code is OFF

Medical and Health forum | Computer Games Reviews | Graphics design forum

Automated OffSite Backup	Shopping Cart Software
RAM Memory Upgrades

Syndicate this forum via XML or simple JavaScript feed

Home | Usercp | Faq | Register