pwverber
Hello,
I am trying to disable anything under 128 bit for SSL for PCI compliance. I
have put in the registry keys as needed per
http://support.microsoft.com/?id=245030. I have restarted the server.
Unfortunately, as you can see below, it is not working, as some are still shown
as supported under 128 bit. Is it possible I need to add registry keys or
something?
Windows 2003 w/ IIS 6
-------------------------------------------------------
THCSSLCheck v0.1 - coding johnny cyberpunk (www.thc.org
-------------------------------------------------------
[*] testing if port is up. pleaze wait...
[*] port is up !
[*] testing if service speaks SSL ...
[*] service speaks SSL !
[*] now testing SSLv2
-------------------------------------------------------
DES-CBC3-MD5 - 168 Bits - supported
IDEA-CBC-MD5 - 128 Bits - unsupported
RC2-CBC-MD5 - 128 Bits - supported
RC4-MD5 - 128 Bits - supported
RC4-64-MD5 - 64 Bits - unsupported
DES-CBC-MD5 - 56 Bits - supported
EXP-RC2-CBC-MD5 - 40 Bits - supported
EXP-RC4-MD5 - 40 Bits - supported
[*] now testing SSLv3
-------------------------------------------------------
DHE-RSA-AES256-SHA - 256 Bits - unsupported
DHE-DSS-AES256-SHA - 256 Bits - unsupported
AES256-SHA - 256 Bits - unsupported
EDH-RSA-DES-CBC3-SHA - 168 Bits - unsupported
EDH-DSS-DES-CBC3-SHA - 168 Bits - unsupported
DES-CBC3-SHA - 168 Bits - supported
DHE-RSA-AES128-SHA - 128 Bits - unsupported
DHE-DSS-AES128-SHA - 128 Bits - unsupported
AES128-SHA - 128 Bits - unsupported
IDEA-CBC-SHA - 128 Bits - unsupported
DHE-DSS-RC4-SHA - 128 Bits - unsupported
RC4-SHA - 128 Bits - supported
RC4-MD5 - 128 Bits - supported
EXP1024-DHE-DSS-DES-CBC-SHA - 56 Bits - unsupported
EXP1024-DES-CBC-SHA - 56 Bits - supported
EXP1024-RC2-CBC-MD5 - 56 Bits - unsupported
EDH-RSA-DES-CBC-SHA - 56 Bits - unsupported
EDH-DSS-DES-CBC-SHA - 56 Bits - unsupported
DES-CBC-SHA - 56 Bits - supported
EXP1024-DHE-DSS-RC4-SHA - 56 Bits - unsupported
EXP1024-RC4-SHA - 56 Bits - supported
EXP1024-RC4-MD5 - 56 Bits - unsupported
EXP-EDH-RSA-DES-CBC-SHA - 40 Bits - unsupported
EXP-EDH-DSS-DES-CBC-SHA - 40 Bits - unsupported
EXP-DES-CBC-SHA - 40 Bits - unsupported
EXP-RC2-CBC-MD5 - 40 Bits - supported
EXP-RC4-MD5 - 40 Bits - supported
Thank you in advance,
Phil
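An added example, not part of the original post and not code from THCSSLCheck: a small parser for the scanner output format quoted above that lists every suite the server still accepts below a key-length threshold, so the scan can be re-run and compared after each registry change. The sample is a shortened excerpt of the output in the post; the function names and the 128-bit default are assumptions made for this example.

```python
import re

# Shortened excerpt of the scanner output quoted in the post above.
SAMPLE = """\
[*] now testing SSLv2
-------------------------------------------------------
DES-CBC3-MD5 - 168 Bits - supported
IDEA-CBC-MD5 - 128 Bits - unsupported
RC4-MD5 - 128 Bits - supported
DES-CBC-MD5 - 56 Bits - supported
EXP-RC4-MD5 - 40 Bits - supported
[*] now testing SSLv3
-------------------------------------------------------
AES256-SHA - 256 Bits - unsupported
DES-CBC3-SHA - 168 Bits - supported
RC4-SHA - 128 Bits - supported
EXP1024-DES-CBC-SHA - 56 Bits - supported
EXP1024-RC4-MD5 - 56 Bits - unsupported
EXP-RC2-CBC-MD5 - 40 Bits - supported
"""

# "[*] now testing SSLv2" opens a protocol section.
PROTO_RE = re.compile(r"^\[\*\] now testing (\S+)\s*$")
# "<suite> - <n> Bits - supported|unsupported" is one result row.
SUITE_RE = re.compile(r"^(\S+)\s+-\s+(\d+)\s+Bits\s+-\s+(supported|unsupported)\s*$")

def parse_report(text):
    """Return a list of (protocol, suite, bits, supported) tuples."""
    rows, proto = [], None
    for line in text.splitlines():
        line = line.strip()
        m = PROTO_RE.match(line)
        if m:
            proto = m.group(1)
            continue
        m = SUITE_RE.match(line)
        if m and proto is not None:  # ignore banner and separator lines
            rows.append((proto, m.group(1), int(m.group(2)), m.group(3) == "supported"))
    return rows

def weak_supported(rows, min_bits=128):
    """Suites the server still accepts whose key length is below min_bits."""
    return [(p, s, b) for p, s, b, ok in rows if ok and b < min_bits]

if __name__ == "__main__":
    findings = weak_supported(parse_report(SAMPLE))
    for proto, suite, bits in findings:
        print(f"{proto}: {suite} ({bits} bits) still accepted")
    print(f"{len(findings)} suite(s) below 128 bits remain enabled")
```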