secmail.lists gmail.com wrote:
> All -
>
> I am looking to have a client disable SSL v2 ciphers on
IIS 5.0 any idea on how to do it? I checked technet and
others and it seems to be a mistery. I reommended the
follwing:
> http://s
upport.microsoft.com/kb/187498/en-us
>
> The admin made the registry changes and bounced the
server yet the ciphers still report they are available (note
I used openssl s_client ... to test)
>
> Thanks
> Don
>
>
Don,
The ciphers can be used with the SSLv2 and SSLv3 protocols.
Even if the
SSLv2 protocol has been disabled, the same ciphers can be
used with an
SSLv3 connection. This may be a misunderstanding on my part
however as
you appear to be attempting to disable the protocol its
self. You could
ask the client to export the registry keys from the server
so you could
verify the correct entries. I would also inquire about any
firewalls/proxies/etc in between you and the server you are
testing
against. Perhaps the another device along the route could be
handling
the SSL?
--Eoin
------------------------------------------------------------
-------------
Sponsored by: Watchfire
AppScan 6.5 is now available! New features for Web Services
Testing,
Advanced Automated Capabilities for Penetration Testers, PCI
Compliance
Reporting, Token Analysis, Authentication testing, Automated
JavaScript
execution and much more.
Download a Free Trial of AppScan today!
https://www.watchfire.com/securearea/app
scancamp.aspx?id=70150000000CYkc
------------------------------------------------------------
-------------
|