Posts Tagged disable

Disable SSL 2 on Windows Server

Posted by Le Kevin in Computer on February 5, 2010

Secure Socket Layer protocol version 2 (SSL v2) has a serious vulnerability. Successful exploitation of this vulnerability would allow an attacker to execute arbitrary code in the context of the affected server. No authentication is required to reach the vulnerable code. No user interaction is required. Since this vulnerability is in library code used by multiple applications, the details of how an attacker would exploit it vary. In all cases, an attacker would need to specify invalid parameters as part of the SSLv2 handshake.  Common Vulnerabilities and Exposures (CVE) classified the vulnerability under CVE-2004-0120. Microsoft identified such vulnerabilities in its security bulletin MS04-011 but until today the default configuration for Windows 2000 and Windows 2003 has SSL v2.0 protocol enabled.
To disable SSL V2 protocol:
1.
Click Start, click Run, type regedt32 or type regedit, and then click OK.
2.

In Registry Editor, locate the following registry key:

HKey_Local_Machine\System\CurrentControlSet\Control\SecurityProviders \SCHANNEL\Protocols\SSL 2.0\Server
3.
On the Edit menu, click Add Value.
4.
In the Data Type list, click DWORD.
5.

In the Value Name box, type Enabled, and then click OK.

Note If this value is present, double-click the value to edit its current value.
6.
Type 00000000 in Binary Editor to set the value of the new key equal to “0″.
7.
Click OK

sources: http://support.microsoft.com/kb/187498

testing ssl: http://foundeo.com/products/iis-weak-ssl-ciphers/test.cfm

Share|

, , , , ,

No Comments