PCI Compliance Weak Cipher IIS IIS6 Windows 2003 Plesk
After a recent PCI compliance scan on a customer's website, one of the 'Alerts' listed as high severity was:
‘Detected targeted service accepts connections for cryptographically weak SSL methods (e.g. SSLv2). Such methods are known to have cryptographic weaknesses as well as other exploitable vulnerabilities’
To get around this I went to:
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\
\RC4 64/128 Subkey:RC4 64/128
\RC4 56/128 Subkey:RC4 56/128
\RC2 [...]
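
One way to check and set these subkeys from PowerShell, as an added example that is not part of the original post. It assumes the standard SCHANNEL convention that a DWORD named `Enabled` set to 0 under a cipher subkey disables that cipher; the `-Fix` switch is a name chosen here, and only the two subkeys the page names in full are listed.

```powershell
# Added example: report (and, with -Fix, disable) SCHANNEL cipher subkeys.
# Assumption: a DWORD "Enabled" = 0 under a cipher subkey disables that cipher.
param([switch]$Fix)   # switch name chosen for this example

$base    = 'SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers'
$ciphers = 'RC4 64/128', 'RC4 56/128'   # only the subkeys this page names in full
$write   = $Fix.IsPresent

# The subkey names contain "/", which the PowerShell registry provider treats
# as a path separator, so go through the .NET registry API instead.
$root = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey($base, $write)
if ($null -eq $root) { throw "Key not found: HKLM\$base" }

foreach ($name in $ciphers) {
    $key = $root.OpenSubKey($name, $write)
    if ($write) {
        if ($null -eq $key) { $key = $root.CreateSubKey($name) }
        $key.SetValue('Enabled', 0, [Microsoft.Win32.RegistryValueKind]::DWord)
    }

    # A missing subkey or value means the operating system default applies.
    $value = $null
    if ($null -ne $key) { $value = $key.GetValue('Enabled', $null); $key.Close() }

    if     ($null -eq $value) { $state = 'not set (OS default)' }
    elseif ($value -eq 0)     { $state = 'disabled' }
    else                      { $state = 'enabled' }

    New-Object PSObject -Property @{ Cipher = $name; Enabled = $value; State = $state }
}
$root.Close()
```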