RE: SSL 2.0

In reading KB 187498 - I found a string that stated by default PCT is not
enabled on Windows 2003 Server.

However when I look at the key location as outlined in the KB

HKLM\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\PCT 1.0\Server

There is no values for the Enabled DWORD

Enabled with a DWORD value of 0x00000000 is disabled and 0xffffffff is
enabled according to KB 216482 -

So - since the value is not present by default, how is it that PCT is
disabled by default according to the aforementioned KBs?

Thanks


""WenJun Zhang[msft]"" wrote:

No, Microsoft hasn't suggested to enable SSL 3.0 only and disable all the
other ciphers. Only SSL 2.0 is not recommended for sure. The answer of your
question is fully based on your real scenario. If your web application has
quite critical concern on the security and consider only SSL 3.0 clients
should be allowed to access the site, then I believe it's fine to disable
the other ones.

Furthermore, TLS 1.0 and SSL 3.0 are quite smiliar protocols. You may look
through the following article:

What is TLS/SSL?
http://technet2.microsoft.com/windowsserver/en/library/ed5ae700-e05e-45ef-b5
36-45795dbb99a21033.mspx?mfr=true

Hope the info will be of some help. Have a nice day. :-)

Sincerely,

WenJun Zhang

Microsoft Online Community Support

==================================================

Get notification to my posts through email? Please refer to:
http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
ications.

Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at:

http://msdn.microsoft.com/subscriptions/support/default.aspx.

==================================================

This posting is provided "AS IS" with no warranties, and confers no rights.


.

Relevant Pages

  • Re: SSL 2.0
    ... SCHANNEL protocol I would have expected to find a similar key already present ... How does one know if PCT is disabled by default? ... Only SSL 2.0 is not recommended for sure. ... where an initial response from the community or a Microsoft Support ...
    (microsoft.public.inetserver.iis.security)
  • Re: Multiple SSLs on the same IIs server
    ... server's SSL configuration. ... Check if the correct certficate is actually ... Microsoft Online Community Support ... where an initial response from the community or a Microsoft Support ...
    (microsoft.public.inetserver.iis.security)
  • Re: Multiple SSLs on the same IIs server
    ... I ran the ssl diag tool and it showed me several errors. ... (remove online.) ... Microsoft Online Community Support ... where an initial response from the community or a Microsoft Support ...
    (microsoft.public.inetserver.iis.security)
  • Re: pct 1.0 download
    ... PCT is a depricated variant of the SSL protocol, ... secure HTTPS connections. ... We still support SSL 2.0, ...
    (microsoft.public.security)
  • Re: Make Client Cert Required in IIS on SBS 2003?
    ... To set up SSL certificate on the web site. ... Microsoft Online Community Support ... where an initial response from the community or a Microsoft Support ...
    (microsoft.public.inetserver.iis.security)