Validating disabled SSLv2 !
in [IIS]
|
From: Viraj on 11 Dec 2009 21:42 This might come handy :) http://foundeo.com/products/iis-weak-ssl-ciphers/ Juan Carlos A wrote: About disabling SSL v2 support 17-Apr-07 I actually disabled SSL v2 suppport. How could I validate this change? There is any tool to validate this? Thanks. Previous Posts In This Thread: On Tuesday, April 03, 2007 8:02 PM RayYa wrote: Subject: How to disable SSL v2 support on IIS 6.0? Hi there, We're running a website on a IIS6.0 / Windows2003 SP1 server, with a Thawte web server certificate installed to enable HTTPS access. Now we want to force client connections use SSL v3 or SLT 1.0 or SLT 1.1 or better, so we decided to stop supporting SSL v2 on this server. But we wonder what we have to do to achive this? Many thanks in advance! Ray On Tuesday, April 03, 2007 8:58 PM Steve Schofield wrote: Re: Subject: How to disable SSL v2 support on IIS 6.0? These are the instructions to disable SSL 2.0 http://support.microsoft.com/kb/187498 -- Thank you, Steve Schofield Windows Server MVP - IIS ASPInsider Member - MCP http://www.orcsweb.com/ Managed Complex Hosting "Ray Yan" <RayYan(a)discussions.microsoft.com> wrote in message news:41F01654-B51D-489C-8D84-E1E35AA770F1(a)microsoft.com... On Tuesday, April 03, 2007 9:48 PM RayYa wrote: That's what I'm looking for!!! Thank you very much, Steve!!! That's what I am looking for!!! Thank you very much, Steve!!! Ray "Steve Schofield" wrote: On Tuesday, April 03, 2007 9:59 PM Steve Schofield wrote: Excellent! Excellent! We have pushed to several windows 2003 boxes with no issues. -- Thank you, Steve Schofield Windows Server MVP - IIS ASPInsider Member - MCP http://www.orcsweb.com/ Managed Complex Hosting "Ray Yan" <RayYan(a)discussions.microsoft.com> wrote in message news:504E205E-21BC-4401-826A-883E0DA8E05A(a)microsoft.com... On Tuesday, April 17, 2007 12:14 PM Juan Carlos A wrote: About disabling SSL v2 support I actually disabled SSL v2 suppport. How could I validate this change? There is any tool to validate this? Thanks. On Thursday, December 13, 2007 3:43 PM Sam Owen wrote: How to disable SSL v2 support on IIS 6.0? on a unix based box... On a command line, type: openssl s_client -connect TARGET_IP:PORT_NUMBER -ssl2 Where TARGET_IP is the IP address of the host in question and PORT_NUMBER is the port listed in the scan report for this QID. For mail servers (port 25 and others) which use START TLS, you will need to use: openssl s_client -connect 66.241.44.125:25 -ssl2 -starttls smtp If the result is an SSL handshake error similar to the example below, the host is not vulnerable: CONNECTED(00000003) 9216:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:226: However, if the connection is established and a large amount of data is displayed including the SSLv2 handshake information similar to the example below, the issue was successfully reproduced. SSL handshake has read 798 bytes and written 239 bytes --- New, SSLv2, Cipher is DES-CBC3-MD5 Server public key is 1024 bit SSL-Session: Protocol : SSLv2 Cipher : DES-CBC3-MD5 Session-ID: F2922D03DA5689A5BE15F3C7A1004B2E Session-ID-ctx: Master-Key: 061F4A4851422C0CA55AE99B9DAAF56E4F3E2B4410B1E221 Key-Arg : C13A05C608CABE51 Krb5 Principal: None Start Time: 1099423702 Timeout : 300 (sec) Verify return code: 18 (self signed certificate) Submitted via EggHeadCafe - Software Developer Portal of Choice Windows Forms .NET Creating an Owner-Drawn Menu http://www.eggheadcafe.com/tutorials/aspnet/fc9938c7-4b78-46c3-863d-bce78c6d5c95/windows-forms-net-creati.aspx
|
Pages: 1 Prev: IIS 6 virtual directory question Next: Can't assign IP to site |