Home page logo

webappsec logo WebApp Sec mailing list archives

RE: SSL v2/v3 configuration
From: "Dimitris Petropoulos" <D.Petropoulos () encode-sec com>
Date: Fri, 21 May 2004 17:01:22 +0300

Dear Gareth,

Regarding IIS:

Regarding Apache:

Hope this helps.

Best regards,

Dimitrios Petropoulos
MSc InfoSec, CISSP

Director, Security Research & Development
3, R.Melodou Str
151 25 Maroussi
Athens, Greece
Tel: +30210-6178410
Fax: +30210-6109579
web: www.encode-sec.com

-----Original Message-----
From: Gareth Bromley [mailto:gbromley () intstar com] 
Sent: Friday, May 21, 2004 11:28 AM
To: webappsec () securityfocus com
Subject: SSL v2/v3 configuration

As subject:

Got myself stumped the other day when looking at a clients 
configuration for a SSL webserver (on IIS) and noticed they 
accepted SSLv2 requests. For the life of me I couldn't figure 
out how to correct this behaviour (both IIS5 and IIS6), and 
wondered if anyone had good pointers to how to do this (so I 
am able to create suitable guidelines for this).

Of course this got me thinking, what about other webservers 
e.g. Netscape /iPlanet, etc which also may not be so well 
documented. Is anyone aware of any good links detailing 
sensible configuration for most common web serving platforms?



Any views expressed in this message are those of the
individual sender, except where the sender specifically
states them to be the views of ENCODE S.A.

  By Date           By Thread  

Current thread:
  • SSL v2/v3 configuration Gareth Bromley (May 21)
    • <Possible follow-ups>
    • RE: SSL v2/v3 configuration Dimitris Petropoulos (May 21)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]