I would look into Openssl to test out the Cipher Strengths for the SSL
Client, its pretty easy when you have it installed. That and SSLDigger
from Foundstone to test multiple sites, and verify the Cipher strengths.


 

Z

 

From: Richard Stovall [mailto:[email protected]] 
Sent: Wednesday, February 10, 2010 2:06 PM
To: NT System Admin Issues
Subject: Re: PCI compliance

 

How did you go about it?  The registry changes at 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\S
CHANNEL\Protocols\SSL 2.0]

and

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\S
CHANNEL\Ciphers]?

 

Is it only one user, and only on IE6?

On Wed, Feb 10, 2010 at 1:57 PM, paul d <[email protected]> wrote:

We have failed our PCI compliance due to some servers having SSL 2.0
enabled and "...the use of weak ciphers."

Has anybody run into an issue whereby they disabled 2.0 and/or weak
ciphers and then users couldn't connect?

Servers are W2000 and W2003.

My main concern is that since our pay "stubs" are now online (running on
the w2003 box) and someone using IE6 can't connect.

Thanks.

 

________________________________

Hotmail: Trusted email with Microsoft's powerful SPAM protection. Sign
up now. <http://clk.atdmt.com/GBL/go/201469226/direct/01/>  

 

 

 

 

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

Reply via email to