I would look into Openssl to test out the Cipher Strengths for the SSL Client, its pretty easy when you have it installed. That and SSLDigger from Foundstone to test multiple sites, and verify the Cipher strengths.
Z From: Richard Stovall [mailto:[email protected]] Sent: Wednesday, February 10, 2010 2:06 PM To: NT System Admin Issues Subject: Re: PCI compliance How did you go about it? The registry changes at [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\S CHANNEL\Protocols\SSL 2.0] and [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\S CHANNEL\Ciphers]? Is it only one user, and only on IE6? On Wed, Feb 10, 2010 at 1:57 PM, paul d <[email protected]> wrote: We have failed our PCI compliance due to some servers having SSL 2.0 enabled and "...the use of weak ciphers." Has anybody run into an issue whereby they disabled 2.0 and/or weak ciphers and then users couldn't connect? Servers are W2000 and W2003. My main concern is that since our pay "stubs" are now online (running on the w2003 box) and someone using IE6 can't connect. Thanks. ________________________________ Hotmail: Trusted email with Microsoft's powerful SPAM protection. Sign up now. <http://clk.atdmt.com/GBL/go/201469226/direct/01/> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
