Re: Allowing SSL3 and only SSL3
- From: "Steven L Umbach" <n9rou@xxxxxxxxxxxxxxxxxx>
- Date: Mon, 5 Dec 2005 19:57:48 -0600
I have not tried this myself but see the link below to the KB article that
may be of help on how to disable such protocols. --- Steve
http://support.microsoft.com/default.aspx?scid=kb;en-us;187498
Microsoft Windows NT Server stores information about different
security-enhanced channel protocols that Windows NT Server supports. This
information is stored in the following registry key:
HKey_Local_Machine\System\CurrentControlSet\Control\SecurityProviders
\SCHANNEL\Protocols
Typically, this key contains the following subkeys: . PCT 1.0
. SSL 2.0
. SSL 3.0
. TLS 1.0
Each key holds information about the protocol for the key. Any one of these
protocols can be disabled at the server. To do this, you create a new DWORD
value in the server subkey of the protocol. You set the DWORD value to "00
00 00 00."
Note By default, PCT is not enabled on Microsoft Windows Server 2003.
"Jon" <Jon@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:2851BC0F-7DE4-4830-B9BA-AFDCCF72C57C@xxxxxxxxxxxxxxxx
> Hi all, I recently installed a v3 verisign certificate on my windows 2000
> Server. I am attempting to limit connections to my website strictly to
> SSL3
> 128 bit encryption. The SSL3 connection does work, however if I test by
> either lowering my internet options in IE to disable SSL3 and only enable
> SSL2, or test with OpenSSL, I can still successfully make an SSL2
> connection.
>
> I'd like to protect my end users. Can I set the server to only make SSL3
> connections?
>
> Thanks!
.
- Prev by Date: Re: Allowing SSL3 and only SSL3
- Next by Date: Re: Apply Security Policies
- Previous by thread: Re: Allowing SSL3 and only SSL3
- Index(es):
Relevant Pages
|
|
