RE: Ciphers - Alexandre Machado - 05-25-2020

(05-21-2020, 12:38 AM)zsleo Wrote: One of my web apps is being PCI certified.

1. How do I restrict ciphers from being used?

For example, I want to disallow ciphers
.. and others

2. I have an auditor querying if we can prevent ECDH public server param reuse

Is this possible, and if so, how?


Regarding the ciphers in Http.sys, I recommend you use a tool like the one mentioned by JSP above. The GUI version is really simple and easy to use.
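As an added example (not code from the thread, from IntraWeb, or from the tool mentioned above), the same restriction can be done without a GUI: Http.sys takes its TLS configuration from Schannel, so disabling cipher suites at the Schannel level is what the tool does under the hood. This script assumes Windows Server 2016 or later (the built-in *-TlsCipherSuite cmdlets), an elevated session, and no Group Policy "SSL Cipher Suite Order" setting overriding the local list. The weak-suite patterns and the report path are illustrative choices, not a complete PCI DSS list; the registry branch for older hosts uses Schannel's documented per-algorithm keys.

```powershell
#Requires -RunAsAdministrator

# Suites to remove: static RSA key exchange (no forward secrecy) and legacy ciphers.
# The patterns are an illustrative selection (assumption), not an authoritative PCI list.
function Get-WeakCipherSuite {
    Get-TlsCipherSuite |
        Where-Object { $_.Name -like 'TLS_RSA_*' -or $_.Name -match '3DES|RC4|NULL|MD5' } |
        Select-Object -ExpandProperty Name
}

function Disable-WeakCipherSuite {
    param([string]$ReportPath = "$env:TEMP\ciphersuites-report.txt")  # assumed path

    # Snapshot first: the auditor will want evidence of the before/after state.
    $before = (Get-TlsCipherSuite).Name
    $weak   = Get-WeakCipherSuite

    foreach ($suite in $weak) {
        Disable-TlsCipherSuite -Name $suite
    }

    $after = (Get-TlsCipherSuite).Name

    @(
        '== Enabled before ==', $before,
        '== Disabled ==',       $weak,
        '== Enabled after ==',  $after
    ) | Out-File -FilePath $ReportPath -Encoding utf8

    # Anything still matching the weak patterns means a policy (or a name typo) got in the way.
    $leftover = Get-WeakCipherSuite
    if ($leftover) {
        Write-Warning "Still enabled: $($leftover -join ', ')"
    }
    return $after
}

# Hosts older than Server 2016 have no TLS cmdlets; Schannel is driven by per-algorithm
# registry keys instead. Enabled=0 under ...\SCHANNEL\Ciphers\<algorithm> turns the
# algorithm off system-wide after a reboot. The .NET registry API is used because
# names such as 'RC4 128/128' contain a slash that the PowerShell registry provider
# would treat as a path separator.
function Disable-LegacyCipherAlgorithm {
    param([string[]]$Algorithm = @('Triple DES 168', 'RC4 128/128', 'RC4 56/128', 'RC4 40/128', 'NULL'))
    $base = 'SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers'
    foreach ($name in $Algorithm) {
        $key = [Microsoft.Win32.Registry]::LocalMachine.CreateSubKey("$base\$name")
        $key.SetValue('Enabled', 0, [Microsoft.Win32.RegistryValueKind]::DWord)
        $key.Close()
    }
}

# Usage: run once on the server, then re-scan from outside to confirm the handshake
# no longer offers the removed suites.
Disable-WeakCipherSuite
```

The TLS cmdlets edit the local cipher-suite list; if a Group Policy cipher-suite order is applied, that policy wins and the warning at the end of Disable-WeakCipherSuite will fire. Whichever route is used, the check that matters for the auditor is an external TLS scan of the listener after the change, not the local list.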

RE: Ciphers - Alexandre Machado - 05-26-2020

Do you know the virtualization software that is being used?

Our SSE 4.2 detection code is correct. Very likely your VM software is returning wrong results due to a cpuid instruction call....

Can you run this on it and see what you get?

RE: Ciphers - zsleo - 05-26-2020

I will use that tool but it is a production server so we can only reboot it after 2 AM tomorrow.

I will report back.

I have a test server that is a Xeon 5160. Does Xeon 5160 support the algorithm?

RE: Ciphers - Alexandre Machado - 05-26-2020

The CoreInfo tool doesn't need a reboot. It is just something which retrieves the CPU information as reported by the VM. I just want you to execute it once and grab that information so we can analyze it.

RE: Ciphers - zsleo - 05-26-2020

Just ran the app up on a win server 2019 in Azure and it works very nicely.

RE: Ciphers - Alexandre Machado - 05-26-2020

Nice! I'm still interested in knowing the reason for that SSE 4.2 detection failure. As I mentioned, the detection code is in accordance with Intel recommendations, so I suspect that it was caused by the virtualization software.

RE: Ciphers - Alexandre Machado - 05-27-2020

In IW 15.2.0 released today, there is a new variable which allows you to bypass the SSE 4.2 compatibility check.

In your DPR file, before running your application, just set

  IWZLibExAPI.IgnoreSSE42Check := True;

This will allow SSE 4.2 compression to be used regardless of the status obtained via the cpuid instruction. You can use it when you are certain that SSE 4.2 is supported.

RE: Ciphers - zsleo - 05-27-2020

Thanks, Alexandre.

I am still waiting, because it is a PCI controlled environment, for approval to install and run CoreInfo on the box.