I changed this on some Exchange servers.  I had no issues with people not being 
able to connect.  I cant say for sure that I ever tested IE6, but I had a large 
enough user base that if something had broken I would have heard about it.

Jeremy

From: paul d [mailto:[email protected]]
Sent: Wednesday, February 10, 2010 11:11 AM
To: NT System Admin Issues
Subject: RE: PCI compliance

I haven't made the changes yet, Richard.  But, yes, those are the changes I'd 
make.  I was just wondering if anybody had made the change and ran into a 
problem.  In 'googling', I ran across a message from someone running SBS that 
said disabling 2.0 would stop IE6 users from accessing that server.
________________________________
Date: Wed, 10 Feb 2010 14:06:04 -0500
Subject: Re: PCI compliance
From: [email protected]
To: [email protected]

How did you go about it?  The registry changes at
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL
 2.0]
and
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers]?

Is it only one user, and only on IE6?
On Wed, Feb 10, 2010 at 1:57 PM, paul d 
<[email protected]<mailto:[email protected]>> wrote:
We have failed our PCI compliance due to some servers having SSL 2.0 enabled 
and "...the use of weak ciphers."

Has anybody run into an issue whereby they disabled 2.0 and/or weak ciphers and 
then users couldn't connect?

Servers are W2000 and W2003.

My main concern is that since our pay "stubs" are now online (running on the 
w2003 box) and someone using IE6 can't connect.

Thanks.

________________________________
Hotmail: Trusted email with Microsoft's powerful SPAM protection. Sign up 
now.<http://clk.atdmt.com/GBL/go/201469226/direct/01/>








________________________________
Hotmail: Trusted email with powerful SPAM protection. Sign up 
now.<http://clk.atdmt.com/GBL/go/201469227/direct/01/>




~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

Reply via email to