About SSL Weak Cipher Suites Supported vulnerability on Windows 2003 SP2

Discussion in 'Server Security' started by InputIO, Mar 24, 2009.

  1. InputIO

    InputIO Guest

    Hi guys,

    it's possibe that on server where not installed IIS or start a HTTPSSL
    service that exist any vulnerability about :

    "SSL Weak Cipher Suites Supported" ?

    A consultant tell my that have make a scan on system and found this problem
    ; if it's possible how i can fix it ?

    Thanks in advance.
     
    InputIO, Mar 24, 2009
    #1
    1. Advertisements

  2. Hello,

    "Weak Supported SSL Ciphers Suites - The remote host supports the use of SSL
    ciphers that offer either weak encryption or no encryption at all."

    This vulnerability is caused by the server accepting the use of weaker
    encryption methods than the recommended 128-bit encryption. To ensure your
    server only supports the highest level of encrypted communications, you must
    disable supporting weaker encryption types through the system's registry.
    This is a simple registry edit that is applied to resolve the vulnerability.

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\DES
    56/56]
    "Enabled"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC2
    40/128]
    "Enabled"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4
    40/128]
    "Enabled"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4
    56/128]
    "Enabled"=dword:00000000

    Hope this helps!
    -Brock
     
    Brock Hensley, Mar 25, 2009
    #2
    1. Advertisements

  3. InputIO

    InputIO Guest

    thank you!

     
    InputIO, Mar 30, 2009
    #3
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.