information gathering – SSL Version 2 (v2) Protocol Detection

To turn off sslv2 (SSL Version 2)

HKey_Local_Machine\System\CurrentControlSet\Control\SecurityProviders \SCHANNEL\Protocols\SSL 2.0\Server
Right click New/DWORD name it Enabled (leave the data value as 0x00000000 (0) then reboot server.

SSL Weak cipher suites supported

Browse to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers

Then right click on DES 56/56 and create new/DWORD Value type in Enabled in the name and for the data value 0x00000000

Then do the same for RC2 40/128, RC4 40/128, RC4 56/128

Rescan with Nessus and you should not see SSL Weak cipher suites supported any more.


root@bt:~# nmap --script ssl-enum-ciphers -p 443 IP-Address

Starting Nmap 5.61TEST4 ( ) at 2012-07-11 12:58 BST
Nmap scan report for test-pc (IP-Address)
Host is up (0.00039s latency).
443/tcp open https
| ssl-enum-ciphers:
|_ Least strength = strong
MAC Address: 11:22:33:a1:2b:3d

Nmap done: 1 IP address (1 host up) scanned in 431.46 seconds

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s