[isalist] Re: SSL 2.0 vs SSL 3.0

  • From: Rob Moore <RMoore@xxxxxxxx>
  • To: "isalist@xxxxxxxxxxxxx" <isalist@xxxxxxxxxxxxx>
  • Date: Wed, 3 Nov 2010 14:52:19 -0400

Thanks, I'll give it a shot tomorrow. If it all breaks down, you'll come here 
to fix it for me, right?  :)

Rob

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On 
Behalf Of D PIETRUSZKA USWRN INTERLINK INFRA SHIFT MGR
Sent: Wednesday, November 03, 2010 2:29 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: SSL 2.0 vs SSL 3.0

You can create the key for SSL 3.0 and another one under it with client on 
it. Then simply follow the instructions in the document. I'm not sure if a 
reboot is needed for the computer or at least IIS.

Regards
Diego R. Pietruszka

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On 
Behalf Of Rob Moore
Sent: Wednesday, November 03, 2010 1:47 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: SSL 2.0 vs SSL 3.0

Thanks. I took a look at that article. When I look in the registry of our TS 
gateway at the key 
HKey_Local_Machine\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\ 
the ONLY key there is SSL 2.0. There is no SSL 3.0 key. 
Should that concern me? If I run the fixer application it says it will disable 
SSL 2.0 - I guess by putting in a new DWORD and setting it to 0. (Or does it 
remove the whole SSL 2.0 key?) The article doesn't give instructions for 
manually stopping support for SSL 2.0. So I'm concerned that if I disable 2.0, 
there will be neither 2.0 nor 3.0. Is that a valid concern?

Thanks,
Rob



From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On 
Behalf Of D PIETRUSZKA USWRN INTERLINK INFRA SHIFT MGR
Sent: Wednesday, November 03, 2010 11:47 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: SSL 2.0 vs SSL 3.0

SSL 3.0 is most likely already enabled. What you have to do is disable 2.0 so 
the first one is the only one accepting the connections.
That needs to be changed from the registry on your gateway server. It has 
nothing to do with TMG or ISA, so go to your gateway server and check the below 
link, which will guide you in the right direction.

http://support.microsoft.com/kb/187498



Regards
Diego R. Pietruszka

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On 
Behalf Of Rob Moore
Sent: Wednesday, November 03, 2010 11:01 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] SSL 2.0 vs SSL 3.0

This may be a stupid question, or maybe not. I am ignorant on this topic.

Our Development office is looking to do some processing of credit card info on 
our network. So a third party ran a scan on the public side of our network. One 
of the things they found was that a couple of our public facing addresses are 
using SSL 2.0. They want us to discontinue that and use SSL 3.0.

The address in question is our Terminal Services Gateway, and it's being 
presented to the outside world via TMG. It only accepts HTTPS traffic. We're 
using a commercial SSL cert. I have no idea how to change from SSL 2.0 to 3.0, 
nor what the ramifications might be if I did make the switch. Any insights?

(They found some other vulnerabilities as well, on a separate address. But I 
want to start with just this one question so as not to muddy the waters. I may 
follow up with another question or two.)

Thanks,
Rob

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Rob Moore
Network Manager
215-241-7870
Helpdesk: 800-500-AFSC
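
The registry check discussed in this thread, as an added example that is not from any of the posters or from the KB article: a PowerShell script that reports the SCHANNEL state of SSL 2.0 and SSL 3.0 and can set the DWORD the thread mentions. The function names are hypothetical, and it relies on the Schannel behaviour that a missing protocol key or missing Enabled value leaves the operating system default in effect.

```powershell
# Added example: report and optionally change Schannel protocol settings.
# Run in an elevated PowerShell session on the gateway server itself.
$SchannelProtocols = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'

# Hypothetical helper name. Read-only: reports each protocol/role pair.
function Get-SchannelProtocolState {
    param(
        [string[]]$Protocol = @('SSL 2.0', 'SSL 3.0'),
        [string[]]$Role     = @('Server', 'Client')
    )
    foreach ($p in $Protocol) {
        foreach ($r in $Role) {
            $key     = "$SchannelProtocols\$p\$r"
            $exists  = Test-Path -Path $key
            $enabled = $null
            if ($exists) {
                # Stays $null when the key exists but has no Enabled value.
                $enabled = (Get-ItemProperty -Path $key -Name Enabled -ErrorAction SilentlyContinue).Enabled
            }
            # A missing key or value is not "disabled": the OS default applies.
            if ($null -eq $enabled) { $state = 'not set (OS default applies)' }
            elseif ($enabled -eq 0) { $state = 'disabled' }
            else                    { $state = 'enabled' }
            New-Object PSObject -Property @{
                Protocol = $p; Role = $r; KeyExists = $exists; State = $state
            } | Select-Object Protocol, Role, KeyExists, State
        }
    }
}

# Hypothetical helper name. Writes Enabled = 0 (DWORD) under SSL 2.0\Server only,
# so SSL 3.0 settings are left untouched.
function Disable-Ssl2Server {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()
    $key = "$SchannelProtocols\SSL 2.0\Server"
    if ($PSCmdlet.ShouldProcess($key, 'Set Enabled = 0')) {
        if (-not (Test-Path -Path $key)) { New-Item -Path $key -Force | Out-Null }
        New-ItemProperty -Path $key -Name Enabled -PropertyType DWord -Value 0 -Force | Out-Null
    }
}

Get-SchannelProtocolState | Format-Table -AutoSize
# Disable-Ssl2Server -WhatIf    # preview the change; drop -WhatIf to apply it
```

Run the report before and after the change to confirm that only the SSL 2.0 Server entry moved to "disabled".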
