Mailing List Archive

SSL Weak Ciphers
On Windows Server 2003, how do I remediate Nessus IDs 26928 and 31705? I've
already changed these entries at
SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers to
Enabled = 0:

DES 56/56
NULL
RC2 40/128
RC4 40/128
RC4 56/128

I've also changed these entries at SCHANNEL\Protocols to Enabled = 0:

PCT 1.0\Client
PCT 1.0\Server
SSL 2.0\Client
SSL 2.0\Server

And the vulnerabilities are still reported.
Re: SSL Weak Ciphers
Mark Timm wrote:
> On Windows Server 2003, how do I remediate Nessus IDs 26928 and 31705? I've
> already changed these entries at
> SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers to
> Enabled = 0:
>
> DES 56/56
> NULL
> RC2 40/128
> RC4 40/128
> RC4 56/128
>
> I've also changed these entries at SCHANNEL\Protocols to Enabled = 0:
>
> PCT 1.0\Client
> PCT 1.0\Server
> SSL 2.0\Client
> SSL 2.0\Server
>
> And the vulnerabilities are still reported.

I personally have not had to do this on a W2003 system. I did see this
KB at Microsoft:

http://support.microsoft.com/kb/245030

There was also a blog that summed it up.

http://blog.techstacks.com/2008/10/iis-disabling-sslv2-and-weak-ciphers.html#links

(Please move questions like this to the new discussions forum.)

Ron Gula
Tenable Network Security

_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
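
An added example, not part of the original thread: a Python check that reads the text of a `.reg` export of the SCHANNEL key and reports, for each cipher and protocol subkey named in the question, whether `Enabled` is present as a DWORD of 0. It assumes the export was made with `reg export` from the `HKEY_LOCAL_MACHINE` hive (the thread gives the path only from `SYSTEM\` onward); the function names and the sample export are constructed for illustration.

```python
import re

BASE = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL"
# Subkeys the thread sets to Enabled = 0.
EXPECTED = ["Ciphers\\" + c for c in
            ("DES 56/56", "NULL", "RC2 40/128", "RC4 40/128", "RC4 56/128")]
EXPECTED += ["Protocols\\%s\\%s" % (p, side)
             for p in ("PCT 1.0", "SSL 2.0") for side in ("Client", "Server")]

# Constructed sample export (not taken from a real host).
SAMPLE = r"""Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\DES 56/56]
"Enabled"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\NULL]
"Enabled"="0"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 40/128]
"Enabled"=dword:ffffffff
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server]
"Enabled"=dword:00000000
"""

def parse_reg(text):
    """Return {key path: {value name: raw data}}, names lower-cased."""
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        key = re.fullmatch(r"\[(.+)\]", line)
        val = re.fullmatch(r'"([^"]+)"=(.+)', line)
        if key:
            current = keys.setdefault(key.group(1).lower(), {})
        elif val and current is not None:
            current[val.group(1).lower()] = val.group(2)
    return keys

def audit(text):
    """Map each expected subkey to 'ok', 'missing key' or the bad data found."""
    keys, report = parse_reg(text), {}
    for sub in EXPECTED:
        values = keys.get((BASE + "\\" + sub).lower())
        if values is None:
            report[sub] = "missing key"
        elif re.fullmatch(r"dword:0{8}", values.get("enabled", ""), re.I):
            report[sub] = "ok"
        else:
            report[sub] = "bad Enabled data: " + values.get("enabled", "<absent>")
    return report

if __name__ == "__main__":
    for sub, status in audit(SAMPLE).items():
        print("%-28s %s" % (sub, status))
```

Files written by `reg export` are usually UTF-16 encoded, so decode them accordingly before passing the text to `audit()`.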