Nessus Security Vulnerability Fix: SSL Version 2 (v2) Protocol Detection

Under:

HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\

...create a key for SSL 2.0, if it doesn't exist. Then inside that key, create a key for Server if it doesn't exist.

Then inside that key (you should be at SCHANNEL\Protocols\SSL 2.0\Server), create a DWORD value with the name of Enabled and a value of 0.

Once that's in place, reboot the server - a service restart alone isn't enough for this change to take effect.
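
The steps above as an idempotent PowerShell function, added here as an example and not part of the original answer. The function name and its `-Protocol` parameter are hypothetical, and it assumes an elevated PowerShell prompt on the server being fixed.

```powershell
# Added example: create SCHANNEL\Protocols\SSL 2.0\Server and set Enabled = 0 (DWORD).
$base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'

function Disable-SchannelServerProtocol {   # hypothetical helper name
    [CmdletBinding(SupportsShouldProcess = $true)]
    param([string]$Protocol = 'SSL 2.0')

    $serverKey = Join-Path (Join-Path $base $Protocol) 'Server'

    # Record the current state so the change can be audited afterwards.
    $before = $null
    if (Test-Path -Path $serverKey) {
        $p = Get-ItemProperty -Path $serverKey -Name Enabled -ErrorAction SilentlyContinue
        if ($p) { $before = $p.Enabled }
    }

    if ($PSCmdlet.ShouldProcess($serverKey, 'Set Enabled = 0 (DWORD)')) {
        # Create the keys only when missing: New-Item -Force on an existing
        # registry key would recreate it and drop the values already in it.
        if (-not (Test-Path -Path $serverKey)) {
            New-Item -Path $serverKey -Force | Out-Null   # also creates "SSL 2.0"
        }
        New-ItemProperty -Path $serverKey -Name Enabled -Value 0 `
            -PropertyType DWord -Force | Out-Null
    }

    # Read the value back instead of trusting the write.
    $p = Get-ItemProperty -Path $serverKey -Name Enabled -ErrorAction SilentlyContinue
    $after = if ($p) { $p.Enabled } else { $null }

    New-Object PSObject -Property @{
        Key            = $serverKey
        Before         = $before
        After          = $after
        Disabled       = ($after -eq 0)
        # The answer states the setting only takes effect after a reboot.
        RebootRequired = ($after -eq 0 -and $before -ne 0)
    }
}

Disable-SchannelServerProtocol -WhatIf   # preview only; nothing is written
Disable-SchannelServerProtocol           # apply, then reboot and rescan
```

After the reboot, re-running the Nessus scan confirms whether the SSL 2.0 finding has cleared.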

Author: MacGyver

Updated on September 18, 2022

Comments

  • MacGyver
    MacGyver over 1 year

    Below, in quotes, is a medium severity issue discovered after scanning an IIS web server, with a tool called Nessus.

    "Consult the application's documentation to disable SSL 2.0 and use SSL 3.0, TLS 1.0, or higher instead"

    I found this article, but I cannot find the "Server" folder. "Client" is the only folder listed on the machine I had scanned, under this registry path, HKey_Local_Machine \System\ CurrentControlSet\ Control\ SecurityProviders\ SCHANNEL\ Protocols\ PCT 1.0\. The OS is Windows Server 2008, x64. What steps do I need to take to fix this vulnerability?

    http://support.microsoft.com/?id=187498

    Does this have to be set a certain way?

  • MacGyver
    MacGyver about 11 years
    If I don't have a "Server" folder under "SSL 2.0", should I just create the folder?
  • ravi yarlagadda
    ravi yarlagadda about 11 years
    @MacGyver Yes, create it if it doesn't exist (the folders are called keys in the registry).