information gathering – SSL Version 2 (v2) Protocol Detection

To turn off sslv2 (SSL Version 2)

regedit
HKey_Local_Machine\System\CurrentControlSet\Control\SecurityProviders \SCHANNEL\Protocols\SSL 2.0\Server
Right click New/DWORD name it Enabled (leave the data value as 0x00000000 (0) then reboot server.

SSL Weak cipher suites supported

regedit
Browse to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers

Then right click on DES 56/56 and create new/DWORD Value type in Enabled in the name and for the data value 0x00000000

Then do the same for RC2 40/128, RC4 40/128, RC4 56/128

Rescan with Nessus and you should not see SSL Weak cipher suites supported any more.

----------------------------------------------

root@bt:~# nmap --script ssl-enum-ciphers -p 443 IP-Address

Starting Nmap 5.61TEST4 ( http://nmap.org ) at 2012-07-11 12:58 BST
Nmap scan report for test-pc (IP-Address)
Host is up (0.00039s latency).
PORT STATE SERVICE
443/tcp open https
| ssl-enum-ciphers:
|_ Least strength = strong
MAC Address: 11:22:33:a1:2b:3d

Nmap done: 1 IP address (1 host up) scanned in 431.46 seconds

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s