I ran nessus against my IIS 5.0 server and determined I was using weak
ciphers in SSL. I followed Microsoft's recommended practices for disabling
through the registry. I ran nessus again and it still came back with the
same results. I double checked that I had disabled the weak ciphers in the
registry.
My question will nessus still show that I have the weak ciphers enabled even
if I have them disabled? Or is there a possibility that I haven't disabled
them properly? I think the question to find out is if disabling the cipher's
in the registry prevents them from being "grabbed" during a vulnerability
scan.oes the prevention of the ciphers happen at the OS level or at some
other level?
_________________________________________________________________
STOP MORE SPAM with the new MSN 8 and get 2 months FREE*
http://join.msn.com/?page=features/junkmail
