Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Web-App-Sec
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Disable SSL v2 ciphers on IIS 5.0

from [Eoin Miller] Network Security [Permanent Link]
Subject: Re: Disable SSL v2 ciphers on IIS 5.0
Date: Wed, 19 Jul 2006 08:39:06 -0400
secmail.lists@gmail.com wrote: 
All -

I am looking to have a client disable SSL v2 ciphers on IIS 5.0 any idea on how 
to do it? I checked technet and others and it seems to be a mistery. I 
reommended the follwing:
http://support.microsoft.com/kb/187498/en-us

The admin made the registry changes and bounced the server yet the ciphers 
still report they are available (note I used openssl s_client ... to test)

Thanks
Don

Don,

The ciphers can be used with the SSLv2 and SSLv3 protocols. Even if the SSLv2 protocol has been disabled, the same ciphers can be used with an SSLv3 connection. This may be a misunderstanding on my part however as you appear to be attempting to disable the protocol its self. You could ask the client to export the registry keys from the server so you could verify the correct entries. I would also inquire about any firewalls/proxies/etc in between you and the server you are testing against. Perhaps the another device along the route could be handling the SSL?

--Eoin

-------------------------------------------------------------------------
Sponsored by: Watchfire

AppScan 6.5 is now available! New features for Web Services Testing, Advanced Automated Capabilities for Penetration Testers, PCI Compliance Reporting, Token Analysis, Authentication testing, Automated JavaScript execution and much more. Download a Free Trial of AppScan today!

https://www.watchfire.com/securearea/appscancamp.aspx?id=70150000000CYkc
-------------------------------------------------------------------------

[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Cookies as the second factor, Darren Bounds
Next by Date:  RE: Disable SSL v2 ciphers on IIS 5.0, Doug Markiewicz
Previous by Thread:  Disable SSL v2 ciphers on IIS 5.0, secmail . lists
Next by Thread:  RE: Disable SSL v2 ciphers on IIS 5.0, Doug Markiewicz
Indexes:  [Date] [Thread] [Top] [All Lists]