Atozed Forums
Ciphers - Printable Version



Ciphers - zsleo - 05-21-2020

One of my web apps is being PCI certified.

1. How do I restrict ciphers from being used?

For example, I want to disallow ciphers
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
.. and others

2. I have an auditor querying if we can prevent ECDH public server param reuse

Is this possible, and if so, how?


TIA


RE: Ciphers - kudzu - 05-21-2020

For which deployment method? The answer varies depending on if it's IIS, SA, etc.


RE: Ciphers - zsleo - 05-21-2020

(05-21-2020, 04:40 PM)kudzu Wrote: For which deployment method? The answer varies depending on if it's IIS, SA, etc.
It is IIS on a Win 2016 Server


RE: Ciphers - Jose Nilton Pace - 05-22-2020

For Win Server I use this software to handle configs:
https://www.nartac.com/Products/IISCrypto/Download


RE: Ciphers - kudzu - 05-22-2020

For IIS all SSL configurations are handled by IIS, so this is an IIS question. Please check the tool Jose posted to see if it will assist you.

ECDH public server param is also an IIS setting.

Neither of these when deployed via IIS are provided by IntraWeb itself.
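
Added example, not part of the original thread and not Atozed or Nartac code: one way to turn off the two suites named in the question at the operating-system level on Windows Server 2016, using the built-in TLS PowerShell cmdlets `Get-TlsCipherSuite` and `Disable-TlsCipherSuite`. It assumes an elevated session on the IIS host; the `$Disallowed` parameter name is chosen here for illustration.

```powershell
# Added example, not from the thread. Run elevated on the IIS host.
# Relies on the built-in TLS module cmdlets of Windows Server 2016.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    # The two suites named in the question; extend with the others to be disallowed.
    [string[]]$Disallowed = @(
        'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384',
        'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA'
    )
)

# Get-TlsCipherSuite -Name matches substrings, so list everything and compare exactly.
$enabled = @(Get-TlsCipherSuite | Select-Object -ExpandProperty Name)

foreach ($suite in $Disallowed) {
    if ($enabled -contains $suite) {
        # Honors -WhatIf / -Confirm so the change can be previewed first.
        if ($PSCmdlet.ShouldProcess($suite, 'Disable TLS cipher suite')) {
            Disable-TlsCipherSuite -Name $suite
        }
    } else {
        Write-Verbose "$suite is already absent from the enabled list"
    }
}

# Re-read the list and report anything disallowed that is still enabled.
$remaining = @(Get-TlsCipherSuite |
    Select-Object -ExpandProperty Name |
    Where-Object { $Disallowed -contains $_ })

if ($remaining.Count -gt 0) {
    Write-Warning ('Still enabled: ' + ($remaining -join ', '))
} else {
    Write-Output 'None of the disallowed cipher suites are enabled.'
}
```

Run it with `-WhatIf` first to see which suites would be changed, then confirm the result with an external TLS scan of the site, since that is what the auditor will check.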


RE: Ciphers - zsleo - 05-22-2020

(05-22-2020, 05:55 PM)kudzu Wrote: For IIS all SSL configurations are handled by IIS, so this is an IIS question. Please check the tool Jose posted to see if it will assist you.

ECDH public server param is also an IIS setting.

Neither of these when deployed via IIS are provided by IntraWeb itself.
Thanks to both of you


RE: Ciphers - zsleo - 05-25-2020

I tried running the same application as HSYS standalone and the log file is reporting
"Http compression has been disabled: SSE 4.2 is required for ZLib compression however this processor does not support SSL 4.2."

Help will be appreciated...


RE: Ciphers - kudzu - 05-25-2020

HSYS standalone? Those are 2 separate things. HTTP.sys or standalone?

What CPU is causing the issue?


RE: Ciphers - zsleo - 05-25-2020

(05-25-2020, 05:36 PM)kudzu Wrote: HSYS standalone? Those are 2 separate things. HTTP.sys or standalone?

What CPU is causing the issue?
... HSYS exe ...

If you mean CPU of the server, it is E5649 in an HS22 blade. Also, this is happening with both 32 bit and 64 bit builds


RE: Ciphers - Alexandre Machado - 05-25-2020

(05-25-2020, 01:52 AM)zsleo Wrote: I tried running the same application as HSYS standalone and the log file is reporting
"Http compression has been disabled: SSE 4.2 is required for ZLib compression however this processor does not support SSL 4.2."

Help will be appreciated...

This processor supports SSE 4.2 but somehow our code to detect it is failing.

I'll investigate this and get back to you.