Re: SBS and SSL v.3.0

I wasn't sure if it was IIS or IE based on the follow up by Cris.

IIS 6.0 will indeed support SSL v.3..

IE ...who cares... I don't surf at the server.

SteveB wrote:

Are you on the right question? This is concerning IIS support for SSL v.3


"Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]" <sbradcpa@xxxxxxxxxxx> wrote in message news:u8qzm0tmGHA.3596@xxxxxxxxxxxxxxxxxxxxxxx


Given that I don't surf at the server in the first place...why do they recommend this when you shouldn't be surfing there anyway?

Cris Hanna (SBS-MVP) wrote:



don't know know what they are thinking. Don't use firefox or Apache. Not familiar with Qualys or Nessus

--
Cris Hanna [SBS-MVP]
--------------------------------------
Please do not respond directly to me, but only post in the newsgroup so all can take advantage

"SteveB" <swb_mct@xxxxxxx <mailto:swb_mct@xxxxxxx>> wrote in
message news:Oc7zmEtmGHA.4212@xxxxxxxxxxxxxxxxxxxxxxx
Then what are they thinking when they recommend SSL v3.0 ?? Where
is it supported? Apache, Firefox ?

"Cris Hanna (SBS-MVP)"
<crisnospamhanna@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
<mailto:crisnospamhanna@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>>
wrote in message news:eup5a3smGHA.1488@xxxxxxxxxxxxxxxxxxxxxxx
IE 7.0 supports SSL 3.0 IE 7.0 is still in beta and there
are issues in using IE 7.0 with certain SBS features
I would suspect (and its only my opinion) that it may take IIS
7.0 which will come with Windows Server (Longhorn)

-- Cris Hanna [SBS-MVP]
--------------------------------------
Please do not respond directly to me, but only post in the
newsgroup so all can take advantage

"SteveB" <swb_mct@xxxxxxx <mailto:swb_mct@xxxxxxx>> wrote
in message news:uyFE4TsmGHA.3596@xxxxxxxxxxxxxxxxxxxxxxx
When you run either of the two leading vulnerability
scanners (Qualys or
Nessus) against any Microsoft server including SBS2003,
you get the
recommendaton to upgrade to SSL v.3.0. because of specific
flaws in SSL v2.
Is this a simple option to enable in IIS and is it
automatically supported
in Internet Explorer.

I can't find it in IIS.

I am not asking for an assessment of it's importance . .
.Banks are scanned
by one of these two scanners frequently in response to
regulation, and they
run a closed system of Servers and Clients with SSL. If
it just a matter of
clicking a couple of boxes, they could eliminated this
reported
vulnerabiity.

Thanks







.

Relevant Pages

  • Re: WCF webservice over SSL and without
    ... Microsoft MSDN Online Support Lead ... You can send feedback directly to my manager at: ... WCF webservice over SSL and without ... I'm also familiar with how to setup a secure site in IIS. ...
    (microsoft.public.dotnet.framework.webservices)
  • Re: WCF webservice over SSL and without
    ... Based on your further description, you have setup the SSL correctly in IIS server, but encountered some problem visit the WCF service's metadata page, correct? ... \par> Microsoft MSDN Online Support Lead ...
    (microsoft.public.dotnet.framework.webservices)
  • Re: WCF webservice over SSL and without
    ... encryption/signature is handled by SOAP instead of HTTP (IIS) and should be ... I'm assuming there's some point of endpoint configuration I need to do. ... Are you going to use SSL over Http(the most common and convenient ... Microsoft MSDN Online Support Lead ...
    (microsoft.public.dotnet.framework.webservices)
  • Re: WCF webservice over SSL and without
    ... I'm also familiar with how to setup a secure site in IIS. ... I'm assuming there's some point of endpoint configuration I need to do. ... you're going to expose your WCF service via both SSL ... Microsoft MSDN Online Support Lead ...
    (microsoft.public.dotnet.framework.webservices)
  • Re: SSL broken after Windows 2003 upgrade
    ... The svchost.exe you reference is "IIS". ... routes them to the appropriate w3wp.exe based on configuration from WAS ... WFetch can make both a normal SSL request as well as a Client-Certificate ...
    (microsoft.public.inetserver.iis)