December 17th, 2012, 02:10 AM
|
|
Registered User
|
|
Join Date: Dec 2012
Posts: 1
Time spent in forums: 9 m 13 sec
Reputation Power: 0
|
|
|
IIS 7.0 CIS Benchmark
While going through CIS benchmark for IIS 7.0 (CIS_Microsoft_IIS_7_Benchmark_v1.3.0.pdf), I found that in section 1.1.10 Use Only Strong Encryption Protocols, it is mentioned as follows;
To enable the SSL 3.0 protocol on R2 and SP2, ensure the following key does not exist. If the key does exist, ensure it is set to ffffffff.
HKLM\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server\Enabled
But i see in many forums that to enable SSL 3.0 on IIS 7.0/7.5 they set the above registry key to 1 and not ffffffff.
|
Del.icio.us
Digg
Google
Spurl
Blink
Furl
Simpy
Y! MyWeb
Linear Mode
