PCI Compliance Weak Cipher IIS IIS6 Windows 2003 Plesk

Registry entries for disabling weak SSL ciphers in IIS6 on Windows 2003

After a recent PCI compliance scan on a customer's website, one of the ‘Alerts’ listed as high severity was:

‘Detected targeted service accepts connections for cryptographically weak SSL methods (e.g. SSLv2). Such methods are known to have cryptographic weaknesses as well as other exploitable vulnerabilities’

To resolve this, I went to the following registry key:

HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\

and the following subkeys under it (on a default Windows 2003 install these do not exist yet and have to be created with exactly these names):

RC4 64/128
RC4 56/128
RC2 56/128
RC2 56/56
RC4 40/128
RC2 40/128

To “disable” each of these weaker ciphers, add a DWORD value named “ENABLED” with the data 0 under its subkey. Schannel reads these keys at startup, so the server has to be rebooted before the change takes effect and the scan can be re-run.
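The same change as a script, added here as an example and not part of the original post. It writes the Enabled=0 DWORD under each cipher subkey above through the .NET registry API, because the PowerShell registry provider reads the “/” in a name such as RC4 64/128 as a path separator, then audits the result. It goes one step beyond the post by also switching off the SSL 2.0 server protocol key that the scan alert refers to; it assumes PowerShell is installed on the Windows 2003 host and is run as an administrator.

```powershell
# Added example, not from the original post: disable the weak Schannel cipher
# subkeys listed above on Windows Server 2003 / IIS6 and audit the result.
# The .NET registry API is used instead of New-Item/New-ItemProperty because
# the PowerShell registry provider treats the "/" in a name such as
# "RC4 64/128" as a path separator and would create the wrong key.
# Run as an administrator. Schannel reads these keys at boot, so reboot
# before re-running the PCI scan.

$schannel = 'SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL'

# Cipher subkeys named in the post; the names must match exactly.
$weakCiphers = @('RC4 64/128', 'RC4 56/128', 'RC2 56/128',
                 'RC2 56/56',  'RC4 40/128', 'RC2 40/128')

# Keys to switch off, relative to SCHANNEL. The last entry goes beyond the
# post: SSLv2 itself, which the scan alert names, lives under Protocols.
$targets = @($weakCiphers | ForEach-Object { "Ciphers\$_" }) + 'Protocols\SSL 2.0\Server'

function Disable-SchannelKey {
    param([string]$RelativePath)
    # CreateSubKey opens the key when it exists and creates it when it does not.
    $key = [Microsoft.Win32.Registry]::LocalMachine.CreateSubKey("$schannel\$RelativePath")
    try {
        $key.SetValue('Enabled', 0, [Microsoft.Win32.RegistryValueKind]::DWord)
    } finally {
        $key.Close()
    }
}

function Get-SchannelKeyState {
    param([string]$RelativePath)
    $key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey("$schannel\$RelativePath")
    if ($null -eq $key) { return 'key missing (Schannel default applies)' }
    try {
        $value = $key.GetValue('Enabled')
        if ($null -eq $value) { return 'Enabled value missing (Schannel default applies)' }
        if ($value -eq 0) { return 'disabled' }
        return 'enabled (Enabled=0x{0:X8})' -f $value
    } finally {
        $key.Close()
    }
}

foreach ($target in $targets) { Disable-SchannelKey $target }

# Audit: show the resulting state of every key that was touched.
foreach ($target in $targets) {
    '{0,-26} {1}' -f $target, (Get-SchannelKeyState $target)
}
```

Running only the audit loop before making any change is a quick way to confirm whether the keys already exist on a host before the scan is repeated.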

For a more in-depth explanation of this issue, please read: http://blog.zenone.org/2009/03/pci-compliance-disable-sslv2-and-weak.html
