
Clearing up Vulnerabilities (BEAST) and other Cipher Suite Issues

Question asked by wrap2tyt on Jan 3, 2014

Good morning community,

As I am new to this site I think it appropriate to say that judging from the questions asked and the prompt and concise responses this should be a good place to get quality information.

 

My first question is regarding an application called "IIS Crypto" (which led me here), used to reorder and configure cipher suites and SSL/TLS protocols. I'm sure this has probably been answered previously, but has anyone used this tool, and what were your experiences remediating the following vulnerabilities on Windows 2003 and 2008 servers?

  • SSL Server Supports CBC Ciphers for SSLv2
  • SSL Server Supports CBC Ciphers for SSLv3
  • SSL Server Supports CBC Ciphers for TLSv1
  • SSL Server Supports RC4 Ciphers for SSLv2
  • SSL Server Supports RC4 Ciphers for SSLv3
  • SSL Server Supports RC4 Ciphers for TLSv1
  • SSL Server Supports Weak MAC Algorithms for SSLv2
  • SSL Server Supports Weak MAC Algorithms for SSLv3
  • SSL Server Supports Weak MAC Algorithms for TLSv1

Of course, this is all for PCI, and the reports do not say specifically which cipher suite is bad; you only get the generic solution "Disable support for weak...".

So again, good morning and thank you in advance.

 

--EDIT--

IIS Link for Crypto

https://www.nartac.com/Products/IISCrypto/Default.aspx

 

Message was edited by: Donald Jackson
