Jun 18, 2009

Microsoft KB unwisely forces TLS

For PCI compliance on an IIS5 or IIS6 server, SSL2 and 40-bit ciphers should be disabled. This Microsoft KB includes a .reg script that disables everything except 3DES over TLS:

http://support.microsoft.com/kb/245030/en-us

However, TLS is not enabled by default in IE6, which makes this script problematic. IE6 clients without TLS enabled will see a “page cannot be displayed” error.

A better approach than the one recommended by Microsoft is to also enable 128-bit RC4 over SSL v3.
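One way to check a SCHANNEL .reg file for this problem before importing it, as an added example that is not from this post or from the KB: it parses the `Enabled` values under the SCHANNEL key and reports whether SSL2 and the weak ciphers are off and whether a default IE6 client (no TLS) is still served. The function names and both sample files are constructed for illustration, and keys a file does not set are assumed to stay enabled.

```python
import re

ROOT = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL"
WEAK = ["RC4 40/128", "RC2 40/128", "RC4 56/128", "RC2 56/128", "DES 56/56", "NULL"]
STRONG = ["RC4 128/128", "Triple DES 168/168"]

def parse_reg(text):
    """Return {SCHANNEL subkey: bool} for every "Enabled" DWORD in .reg text."""
    state, key = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            path = line[1:-1]
            inside = path.upper().startswith(ROOT.upper() + "\\")
            key = path[len(ROOT) + 1:] if inside else None
        elif key and (m := re.fullmatch(r'"Enabled"=dword:([0-9a-fA-F]{8})', line)):
            state[key] = int(m.group(1), 16) != 0
    return state

def audit(text):
    s = parse_reg(text)
    # Assumption: a key the file does not mention keeps the OS default (enabled).
    on = lambda key: s.get(key, True)
    return {
        "ssl2_off": not on(r"Protocols\SSL 2.0\Server"),
        "weak_ciphers_on": [c for c in WEAK if on("Ciphers\\" + c)],
        # IE6 with default settings offers no TLS, so it needs SSL 3.0 on the server.
        "ie6_default_ok": on(r"Protocols\SSL 3.0\Server")
                          and any(on("Ciphers\\" + c) for c in STRONG),
    }

def make_reg(settings):
    """Build constructed .reg text from {subkey: enabled?} (sample input only)."""
    out = ["Windows Registry Editor Version 5.00", ""]
    for sub, flag in settings.items():
        value = "ffffffff" if flag else "00000000"
        out += [f"[{ROOT}\\{sub}]", f'"Enabled"=dword:{value}', ""]
    return "\n".join(out)

# Constructed samples, not the KB's actual script.
base = {r"Protocols\SSL 2.0\Server": False, r"Protocols\PCT 1.0\Server": False}
base.update({"Ciphers\\" + c: False for c in WEAK})
TLS_ONLY = make_reg({**base, r"Protocols\SSL 3.0\Server": False,
                     r"Ciphers\RC4 128/128": False})
WITH_SSL3 = make_reg({**base, r"Protocols\SSL 3.0\Server": True,
                      r"Ciphers\RC4 128/128": True})

if __name__ == "__main__":
    for name, reg in (("TLS-only", TLS_ONLY), ("SSL3 + RC4-128", WITH_SSL3)):
        print(name, audit(reg))
```

Both samples turn SSL2 and the weak ciphers off; only the second one still serves a default IE6 client.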

posted in Uncategorized by Satyen
