Re: SSL 2.0



Okay, I think I get what you are trying to say -

However, if the KB is telling me to disable for example SSL 2.0 to ADD a
DWORD called Enabled and assign it a value of 0x00000000 (0) to disable the
SCHANNEL protocol I would have expected to find a similar key already present
in the PCT 1.0 protocol if Windows 2003 Server is disabled by default.

In addition, ALL of the protocol values for default are not defined (value
not set)

Just want to make sure I am understanding the KB correctly.

How would I perform a PCT 1.0 test? I can see where I can test the SSL 2.0 /
3.0 and TLS 1.0 in the Internet Explorer browser advanced settings... but
don't know how I might be able to do this for the PCT to see if in fact it is
disabled

Thanks


"David Wang" wrote:

When you use the Windows API to read Registry keys, there is a
"default" value that is provided when the key does not exist.

Thus, the KB article is telling you that when there is no key, the
default value is disabled (0).

How does one know if PCT is disabled by default? You either trust the
KB article or do your own test.

Can you clarify your question?


//David
http://w3-4u.blogspot.com
http://blogs.msdn.com/David.Wang
//







On Jan 10, 8:09 am, Smurfman <smurf...@xxxxxxxxxxxxxx> wrote:
In reading KB 187498 - I found a string that stated by default PCT is not
enabled on Windows 2003 Server.

However when I look at the key location as outlined in the KB

HKLM\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\PCT 1.0\Server

There are no values for the Enabled DWORD

Enabled with a DWORD value of 0x00000000 is disabled and 0xffffffff is
enabled according to KB 216482 -

So - since the value is not present by default, how is it that PCT is
disabled by default according to the aforementioned KBs?

Thanks



"WenJun Zhang[msft]" wrote:
No, Microsoft hasn't suggested to enable SSL 3.0 only and disable all the
other ciphers. Only SSL 2.0 is not recommended for sure. The answer of your
question is fully based on your real scenario. If your web application has
quite critical concern on the security and consider only SSL 3.0 clients
should be allowed to access the site, then I believe it's fine to disable
the other ones.

Furthermore, TLS 1.0 and SSL 3.0 are quite similar protocols. You may look
through the following article:

What is TLS/SSL?
http://technet2.microsoft.com/windowsserver/en/library/ed5ae700-e05e-...
36-45795dbb99a21033.mspx?mfr=true

Hope the info will be of some help. Have a nice day. :-)

Sincerely,

WenJun Zhang

Microsoft Online Community Support

==================================================

Get notification to my posts through email? Please refer to:
http://msdn.microsoft.com/subscriptions/managednewsgroups/default.asp...
ications.

Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at:

http://msdn.microsoft.com/subscriptions/support/default.aspx.

==================================================

This posting is provided "AS IS" with no warranties, and confers no rights.
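
A registry audit for the question discussed in this thread, as an added example that is not part of any poster's message or of the KB articles: it reads the Enabled DWORD under each SCHANNEL protocol key and reports "not set" separately from an explicit 0x00000000 or 0xffffffff. The protocol list, the Client subkey and the function name Get-SchannelEnabledState are assumptions of the example.

```powershell
# Added example: report whether Enabled is explicitly set for each SCHANNEL protocol.
# Read-only; it changes nothing in the registry.
$base      = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
$protocols = 'PCT 1.0', 'SSL 2.0', 'SSL 3.0', 'TLS 1.0'   # protocols named in the thread
$roles     = 'Server', 'Client'                           # Client subkey is an assumption here

function Get-SchannelEnabledState {
    param([string]$Protocol, [string]$Role)

    $path = Join-Path (Join-Path $base $Protocol) $Role
    if (-not (Test-Path -LiteralPath $path)) {
        return 'key absent (built-in default applies)'
    }

    # GetValue returns the supplied fallback ($null) when the value does not exist,
    # which is the "value not set" case described in the thread.
    $key   = Get-Item -LiteralPath $path
    $value = $key.GetValue('Enabled', $null)
    if ($null -eq $value) {
        return 'Enabled not set (built-in default applies)'
    }

    # Format as 8 hex digits so a DWORD of 0xffffffff reads the same whether
    # it comes back as a signed (-1) or unsigned (4294967295) integer.
    $hex = '{0:x8}' -f $value
    switch ($hex) {
        '00000000' { return 'explicitly disabled (0x00000000)' }
        'ffffffff' { return 'explicitly enabled (0xffffffff)' }
        default    { return "other value (0x$hex)" }
    }
}

$report = foreach ($p in $protocols) {
    foreach ($r in $roles) {
        New-Object PSObject -Property @{
            Protocol = $p
            Role     = $r
            State    = Get-SchannelEnabledState -Protocol $p -Role $r
        }
    }
}

$report | Select-Object Protocol, Role, State | Format-Table -AutoSize
```

A "not set" row only shows that no override is present; what the built-in default is for that protocol comes from the KB article or from a handshake test, as discussed above.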
