Nessus & Cipher strengths

dschelberg_at_volt.com
Date: 02/27/04


Date: Fri, 27 Feb 2004 11:35:54 -0800

Has anyone adjusted their SSLv2 ciphers for IIS 5.0? The
link below is a how-to, but it is very unclear about which
ciphers and what steps should be followed. The issue
became apparent after a Nessus scan. I posted this
question a while ago, but it still remains undone.

http://support.microsoft.com/default.aspx?scid=kb;en-us;245030&Product=win2000

The article below is clear on the how, just not on what
ciphers are considered weak and therefore should be
disabled.

http://support.microsoft.com/default.aspx?scid=kb;en-us;216482

(from Nessus Scan)

Warning found on port https (443/tcp)

The SSLv2 server offers 4 strong ciphers, but also
0 medium strength and 2 weak "export class" ciphers.
The weak/medium ciphers may be chosen by an export-grade
or badly configured client software. They only offer a
limited protection against a brute force attack

Solution: disable those ciphers and upgrade your client
software if necessary
Nessus ID : 10863

This plugin connects to a SSL server, and
checks its certificate and the available (shared) SSLv2
ciphers.
Weak (export version) ciphers are reported.

Regards,

Danny Schelberg

CCNA, MCSE, MCP + I

Network Engineer

Procurestaff

Volt Information Sciences, Inc
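An added example, not part of the original post or of the Microsoft articles: a PowerShell audit of the per-cipher Schannel registry switches that KB 245030 documents, reporting which export-class ciphers are still enabled and, with -Disable, setting Enabled=0 on them. Which key names count as "export class" is this script's assumption (the 40-bit and 56-bit entries plus NULL); the Nessus plugin's own list is not given in the post. It uses the .NET registry API rather than the HKLM: drive because the key names contain "/", which the PowerShell registry provider would treat as a path separator.

```powershell
# Added example (not from the original post). Run elevated on the IIS host.
# Assumption: these subkey names under SCHANNEL\Ciphers are the export-class
# ("weak") ciphers a scanner flags; Schannel treats a missing key or value
# as enabled, and Enabled=0 (DWORD) disables the cipher. Reboot afterwards.
param(
    [switch]$Disable   # when set, write Enabled=0 for each weak cipher still enabled
)

$ciphersPath = 'SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers'
$weakCiphers = @('RC4 40/128', 'RC2 40/128', 'RC4 56/128', 'RC2 56/128', 'DES 56/56', 'NULL')

$hklm    = [Microsoft.Win32.Registry]::LocalMachine
$ciphers = $hklm.OpenSubKey($ciphersPath, [bool]$Disable)   # writable only when fixing
if (-not $ciphers) { throw "Schannel Ciphers key not found: HKLM\$ciphersPath" }

foreach ($name in $weakCiphers) {
    $sub     = $ciphers.OpenSubKey($name, [bool]$Disable)
    $enabled = if ($sub) { $sub.GetValue('Enabled') } else { $null }

    # Only an explicit 0 disables the cipher; $null (absent) or 0xFFFFFFFF means enabled.
    $isDisabled = ($null -ne $enabled) -and ([int]$enabled -eq 0)

    if ($Disable -and -not $isDisabled) {
        if (-not $sub) { $sub = $ciphers.CreateSubKey($name) }   # CreateSubKey returns a writable key
        $sub.SetValue('Enabled', 0, [Microsoft.Win32.RegistryValueKind]::DWord)
        $isDisabled = $true
        $action = 'set Enabled=0'
    } else {
        $action = 'no change'
    }

    [pscustomobject]@{
        Cipher   = $name
        Enabled  = -not $isDisabled
        Action   = $action
    }

    if ($sub) { $sub.Close() }
}
$ciphers.Close()
```

Re-run the Nessus scan after rebooting; if the finding persists, the remaining SSLv2 ciphers were offered under a name not in the list above, or SSLv2 itself is still enabled.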


