
Windows 2003 Server SP2 (IIS 6) Best Cipher Suites, HotFix, Nartac, and Discrepancies

Question asked by Allen Jones on Jan 14, 2015
Latest reply on Jan 27, 2015 by Allen Jones

I need some things cleared up.  Any help would be much appreciated.

 

The Microsoft hotfix provides the two CIPHER SUITES below, which do not match the recommended cipher suites from www.G-SEC.lu: namely, (1) the "key exchange" is different, but the hotfix cipher suites also seem to include a "repeat" of the cipher, which I will put in RED FONT for distinction. Oddly enough, Nartac shows the cipher suites (reference the screenshot) shown in the hotfix but without the last portion, which I put in red font. Is this the same cipher suite? If so, why the extra?

I supplied screenshots of both the Nartac utility and the G-SEC recommendation, and also provided the URL of the hotfix and pasted the ciphers for convenience. I believe the discrepancies are clearly shown. I just do not know what course to take. I contemplated just using Nartac to enable what is shown in its screenshot MINUS configuring any cipher suites, by simply unchecking all the cipher suites and clicking Apply. Then I would use the IIS 6 configuration utility and manually paste in the six unique cipher suites and order them. But that still does not answer my question about the discrepancies and whether I am on the right track. Thank you for your attention to this post and your guidance! Sincerely, Allen

Windows Hotfix (in KB948963) (https://support.microsoft.com/kb/948963)

TLS_RSA_WITH_AES_256_CBC_SHA AES256-SHA

TLS_RSA_WITH_AES_128_CBC_SHA AES128-SHA

 

---------------------------------------------------------------------------------------------------------------------------------------------


TLS/SSL Hardening and Compatibility Report by G-SEC.lu (2010)
