Using SSLv3 - Enabling Strong Ciphers Server 2008

6,095

If you haven't touched the configuration, strong ciphersuites are enabled by default. The list of default ciphersuites in Vista and Server 2008 is on MSDN.

What you listed are not quite ciphersuite names, as they are missing pieces. AES128-SHA is just part of it. A ciphersuite has a few parts: the key exchange algorithm, the encryption/decryption algorithm, and the HMAC algorithm, so the AES128-SHA example is missing the key exchange algorithm. A proper name will be TLS_RSA_WITH_AES_128_CBC_SHA.

I would recommend ssllabs.com for testing publicly reachable web servers.


Admin
Author by

Admin

Updated on September 17, 2022
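The answer's point about short names missing the key exchange part can be checked mechanically. The following is an added example, not code from the original thread: it expands the OpenSSL-style short names quoted in the question into full suite names and compares the two lists. The function names `expand` and `common_suites` are hypothetical, and the parser covers only the legacy RSA/DHE with CBC/RC4 families that appear on this page.

```python
# Added example: expand OpenSSL-style short names into full TLS suite names.
# Handles only the legacy families listed on this page (assumption).
KEY_EXCHANGES = {"DHE": "DHE", "EDH": "DHE"}  # EDH is OpenSSL's older spelling of DHE
AUTHS = {"RSA", "DSS"}
CIPHERS = {
    "AES128": "AES_128_CBC",
    "AES256": "AES_256_CBC",
    "DES-CBC3": "3DES_EDE_CBC",
    "RC4": "RC4_128",
}
MACS = {"SHA", "MD5"}

def expand(short_name):
    """Return (key_exchange, authentication, cipher, mac, full_name)."""
    tokens = short_name.strip().upper().split("-")
    mac = tokens.pop()
    if mac not in MACS:
        raise ValueError(f"unsupported MAC in {short_name!r}")
    if tokens and tokens[0] in KEY_EXCHANGES:
        if len(tokens) < 3 or tokens[1] not in AUTHS:
            raise ValueError(f"malformed key exchange part in {short_name!r}")
        kx, auth = KEY_EXCHANGES[tokens[0]], tokens[1]
        tokens = tokens[2:]
        prefix = f"{kx}_{auth}"
    else:
        # No key exchange token: RSA key exchange and authentication are implied.
        kx = auth = prefix = "RSA"
    cipher_key = "-".join(tokens)
    if cipher_key not in CIPHERS:
        raise ValueError(f"unsupported cipher in {short_name!r}")
    cipher = CIPHERS[cipher_key]
    return kx, auth, cipher, mac, f"TLS_{prefix}_WITH_{cipher}_{mac}"

def common_suites(ours, theirs):
    """Full names present in both lists, in our order."""
    theirs_full = {expand(name)[4] for name in theirs}
    return [full for full in (expand(n)[4] for n in ours) if full in theirs_full]

# The two lists exactly as quoted in the question on this page.
REMOTE = ["DHE-RSA-AES256-SHA", "AES256-SHA", "EDH-RSA-DES-CBC3-SHA",
          "DES-CBC3-SHA", "DHE-RSA-AES128-SHA", "AES128-SHA"]
LOCAL = ["DES-CBC3-SHA", "RC4-SHA", "RC4-MD5"]

if __name__ == "__main__":
    for name in REMOTE + LOCAL:
        kx, auth, cipher, mac, full = expand(name)
        print(f"{name:22} kx={kx:3} auth={auth:3} {full}")
    print("Common:", common_suites(LOCAL, REMOTE))
```

Comparing by full name makes any overlap between the two lists visible at a glance; protocol version support (SSLv3 versus TLSv1) is negotiated separately and is not covered by this comparison.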

Comments

  • Admin
    Admin over 1 year

    I've disabled SSLv2 and SSLv3 is on. However I cannot connect to a remote server which fails with

    The client and server cannot communicate, because they do not possess a common algorithm

    Ran an SSL check (http://www.serversniff.net/sslcheck.php) on the remote server and ours, and noticed none of the ciphers they accept we have on our server. How can this be configured? (Windows Web Server 2008)

    Remote Server Accepted SSL ciphers:

    DHE-RSA-AES256-SHA
    AES256-SHA
    EDH-RSA-DES-CBC3-SHA
    DES-CBC3-SHA
    DHE-RSA-AES128-SHA
    AES128-SHA 
    

    Our server by default accepts:

    DES-CBC3-SHA
    RC4-SHA
    RC4-MD5
    
  • grasshopper
    grasshopper over 13 years
    Thanks for the comment. I just thought that might have been the issue as the real problem is: "The client and server cannot communicate, because they do not possess a common algorithm." - msxml6.dll error '80090331'
  • Nasko
    Nasko over 13 years
    The error most likely doesn't come from MSXML.DLL, rather from the security subsystem on Windows. Look in the event log for logs from the "Schannel" component, which implements SSL/TLS on Windows. There might be some clues there. Did you actually resolve the issue?
  • grasshopper
    grasshopper over 13 years
    No, I never managed to resolve this issue. The only workaround was to use ASP.NET's HttpWebRequest component and, most importantly, specify this: "System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolType.Ssl3"
  • Nasko
    Nasko over 13 years
    What is the machine you are trying to authenticate to? If it is publicly reachable, I can take a peek at what it supports and see if there is anything I can spot.
  • grasshopper
    grasshopper over 13 years
    Thanks Nasko, the remote site has reenabled TLSv1 and the original code all works now. It seems there's no way to force SSLv3 using ServerXMLHTTP. Thanks for all your help.
  • fuero
    fuero about 11 years
    You didn't answer the question asked.