
Mailing List Archive: Nessus: users

SSL Weak Ciphers



mtimm at jcpenney

Feb 26, 2009, 9:13 AM

SSL Weak Ciphers

On Windows Server 2003 how do I remediate Nessus IDs 26928 and 31705? I've
already changed these entries at
SYSTEM\CurrentControlSet\Control\SecurityProvidersSCHANNEL\Ciphers to
Enabled = 0:

DES 56/56
NULL
RC2 40/128
RC4 40/128
RC4 56/128

I've also changed these entries at SCHANNEL\Protocols to Enabled = 0:

PCT 1.0\Client
PCT 1.0\Server
SSL 2.0\Client
SSL 2.0\Server

And the vulnerabilities are still reported.


rgula at tenablesecurity

Feb 26, 2009, 6:47 PM

Re: SSL Weak Ciphers

Mark Timm wrote:
> On Windows Server 2003 how do I remediate Nessus IDs 26928 and 31705? I've
> already changed these entries at
> SYSTEM\CurrentControlSet\Control\SecurityProvidersSCHANNEL\Ciphers to
> Enabled = 0:
>
> DES 56/56
> NULL
> RC2 40/128
> RC4 40/128
> RC4 56/128
>
> I've also changed these entries at SCHANNEL\Protocols to Enabled = 0:
>
> PCT 1.0\Client
> PCT 1.0\Server
> SSL 2.0\Client
> SSL 2.0\Server
>
> And the vulnerabilities are still reported.

I personally have not had to do this on a W2003 system. I did see this
KB at Microsoft:

http://support.microsoft.com/kb/245030

There was also a blog that summed it up.

http://blog.techstacks.com/2008/10/iis-disabling-sslv2-and-weak-ciphers.html#links

(Please move questions like this to the new discussions forum.)

Ron Gula
Tenable Network Security

_______________________________________________
Nessus mailing list
Nessus[at]list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
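
One way to confirm that the values described in the question are actually in place before rescanning, as an added example that is not part of either post: parse the text of a .reg export of the SCHANNEL key and report every listed Ciphers or Protocols subkey that is not Enabled = 0. The function names and the sample export are constructed for illustration, and the input is assumed to be already decoded to text.

```python
import re

# Base key and subkey names as listed in the question; the real registry path
# has a backslash between SecurityProviders and SCHANNEL.
BASE = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL"
CIPHERS = ["Ciphers\\" + c for c in
           ("DES 56/56", "NULL", "RC2 40/128", "RC4 40/128", "RC4 56/128")]
PROTOCOLS = ["Protocols\\" + p for p in
             ("PCT 1.0\\Client", "PCT 1.0\\Server", "SSL 2.0\\Client", "SSL 2.0\\Server")]

KEY_RE = re.compile(r"^\[(.+)\]$")
DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')

def parse_reg(text):
    """Map lower-cased key path -> {lower-cased value name: int} for DWORD values."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if KEY_RE.match(line):
            current = keys.setdefault(KEY_RE.match(line).group(1).lower(), {})
        elif current is not None and DWORD_RE.match(line):
            name, value = DWORD_RE.match(line).groups()
            current[name.lower()] = int(value, 16)
    return keys

def audit(text, expected=CIPHERS + PROTOCOLS):
    """Return {subkey: problem} for every expected subkey that is not Enabled = 0."""
    keys, findings = parse_reg(text), {}
    for sub in expected:
        values = keys.get((BASE + "\\" + sub).lower())
        if values is None:
            findings[sub] = "key not found under " + BASE
        elif values.get("enabled") != 0:
            findings[sub] = "Enabled is %r, expected 0" % values.get("enabled")
    return findings

# Constructed sample export (not from the thread): one value left enabled, one
# key written under a path missing a backslash, one key with no Enabled value.
SAMPLE = r"""Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\DES 56/56]
"Enabled"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\NULL]
"Enabled"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC2 40/128]
"Enabled"=dword:ffffffff
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProvidersSCHANNEL\Ciphers\RC4 40/128]
"Enabled"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 56/128]
"""
```

`audit(SAMPLE, CIPHERS)` reports the three constructed problems; an empty result only shows that the registry values match what the question lists.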
