Nessus Security Vulnability Fix: SSL Version 2 (v2) Protocol Detection

Question

Below, in quotes, is a medium severity issue discovered after scanning an IIS web server, with a tool called Nessus.

"Consult the application's documentation to disable SSL 2.0 and use SSL 3.0, TLS 1.0, or higher instead"

I found this article, but I cannot find the "Server" folder. "Client" is the only folder listed on the machine I had scanned, under this registry path, HKey_Local_Machine \System\ CurrentControlSet\ Control\ SecurityProviders\ SCHANNEL\ Protocols\ PCT 1.0\. The OS is Windows Server 2008, x64. What steps do I need to take to fix this vulnerability?

http://support.microsoft.com/?id=187498

Does this have to be set a certain way?

enter image description here

score 0 · Answer 1 · answered Apr 18 '13 at 19:54

0

I've used IISCrypto to fix it for me.

answered Apr 18 '13 at 19:54

Tradiuz

127
1
9

score 0 · Accepted Answer · answered Apr 19 '13 at 06:25

0

Under:

HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\

...create a key for SSL 2.0, if it doesn't exist. Then inside that key, create a key for Server if it doesn't exist.

Then inside that key (you should be at SCHANNEL\Protocols\SSL 2.0\Server), create a DWORD value with the name of Enabled and a value of 0.

Once that's in place, reboot the server - a service restart alone isn't enough for this change to take effect.

answered Apr 19 '13 at 06:25

Shane Madden

112,982
12
174
248

If I don't have a "Server" folder under "SSL 2.0", should I just create the folder? – MacGyver Apr 19 '13 at 10:53
@MacGyver Yes, create it if it doesn't exist (the folders are called keys in the registry). – Shane Madden Apr 19 '13 at 21:46

Nessus Security Vulnability Fix: SSL Version 2 (v2) Protocol Detection

2 Answers2