On Wed, Jan 07, 2004 at 01:39:57PM -0500, David Bass wrote:
> The SSLv2 server offers 1 strong ciphers, but also 0 medium strength
> and 2 weak "export class" ciphers.
>
> The Nessus recommendation is:
>
> Ensure the server only accepts strong ciphers and upgrade your client
> software if necessary.
>
> However, I could not find out how this is performed (Through the
> Registry...is it a setting in IIS)??

It depends on the application. Although you don't say which this warning applies to, your question suggests it's an IIS server. If so, take a look at Microsoft Knowledge Base Article 245030, available as <http://support.microsoft.com/default.aspx?scid=kb;en-us;245030>, and note the plugin classifies ciphers with less than 56 bits as weak; those with between 56 and 89 inclusive as medium strength, and those with 90 or more as strong. Keep in mind there may be reasons to support export-grade ciphers (e.g., the client base is international).

George
--
[EMAIL PROTECTED]
_______________________________________________
Nessus mailing list
[EMAIL PROTECTED]
http://mail.nessus.org/mailman/listinfo/nessus
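
Added example, not part of the original thread and not Nessus plugin code: it applies the weak/medium/strong thresholds stated in the reply to a cipher listing and names the ciphers an administrator would need to disable. It assumes the listing is in `openssl ciphers -v` format; the sample lines are constructed to match the quoted report, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in `openssl ciphers -v` format; it mirrors the report
# quoted in the thread (1 strong, 0 medium, 2 weak export-class ciphers).
SAMPLE = """\
RC4-MD5          SSLv2 Kx=RSA      Au=RSA Enc=RC4(128) Mac=MD5
EXP-RC4-MD5      SSLv2 Kx=RSA(512) Au=RSA Enc=RC4(40)  Mac=MD5 export
EXP-RC2-CBC-MD5  SSLv2 Kx=RSA(512) Au=RSA Enc=RC2(40)  Mac=MD5 export
"""

# Enc=<algorithm>(<bits>); the NULL cipher prints Enc=None with no bit count.
ENC_RE = re.compile(r"\bEnc=([^\s(]+)(?:\((\d+)\))?")


def strength(bits):
    """Thresholds as stated in the reply: <56 weak, 56-89 medium, >=90 strong."""
    if bits < 56:
        return "weak"
    if bits <= 89:
        return "medium"
    return "strong"


def parse_line(line):
    """Return (name, protocol, bits, export_flag), or None if unparseable."""
    fields = line.split()
    m = ENC_RE.search(line)
    if len(fields) < 2 or m is None:
        return None
    # No bit count means no encryption at all; treat it as 0 bits.
    bits = int(m.group(2)) if m.group(2) else 0
    return fields[0], fields[1], bits, fields[-1] == "export"


def audit(text):
    """Count ciphers per class and list every cipher that is not strong."""
    counts, to_disable = Counter(), []
    for line in text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip blank or malformed lines
        name, proto, bits, export = parsed
        cls = strength(bits)
        counts[cls] += 1
        if cls != "strong":
            to_disable.append((name, proto, bits, export))
    return counts, to_disable
```

Calling `audit(SAMPLE)` returns the per-class counts and the two export-class ciphers; note that under these thresholds single DES at 56 bits lands in the medium class, not weak.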
