Posts: 93
Threads: 20
Joined: Mar 2018
Reputation:
1
One of my web apps is being PCI certified.
1. How do I restrict ciphers from being used?
For example, I want to disallow ciphers:
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
.. and others
2. I have an auditor querying if we can prevent ECDH public server param reuse.
Is this possible, and if so, how?
TIA
Posts: 1,136
Threads: 37
Joined: Mar 2018
Reputation:
30
Location: Limassol, Cyprus
For which deployment method? The answer varies depending on if it's IIS, SA, etc.
Posts: 1,136
Threads: 37
Joined: Mar 2018
Reputation:
30
Location: Limassol, Cyprus
For IIS all SSL configurations are handled by IIS, so this is an IIS question. Please check the tool Jose posted to see if it will assist you.
ECDH public server param is also an IIS setting.
Neither of these when deployed via IIS are provided by IntraWeb itself.
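
Added example, not part of the original post and not IntraWeb code: one way to turn off the two suites named in the question on an IIS host, using the built-in `Get-TlsCipherSuite` and `Disable-TlsCipherSuite` cmdlets. It assumes Windows Server 2016 / Windows 10 or later and an elevated session; the `$Unwanted` parameter name is illustrative.

```powershell
# Added example. IIS takes its TLS settings from Schannel, so this change is
# system-wide: it affects every Schannel-based TLS service on the host.
[CmdletBinding(SupportsShouldProcess)]
param(
    # Suites named in the question; extend with the others the auditor flags.
    [string[]]$Unwanted = @(
        'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384',
        'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA'
    )
)

# Snapshot of what is enabled right now, for the audit trail.
$before = (Get-TlsCipherSuite).Name

foreach ($suite in $Unwanted) {
    if ($before -notcontains $suite) {
        Write-Verbose "$suite is not enabled; nothing to do."
        continue
    }
    # -WhatIf on the script shows the change without applying it.
    if ($PSCmdlet.ShouldProcess($suite, 'Disable-TlsCipherSuite')) {
        Disable-TlsCipherSuite -Name $suite
    }
}

# Verify: none of the unwanted suites should still be listed.
$after     = (Get-TlsCipherSuite).Name
$remaining = $Unwanted | Where-Object { $after -contains $_ }
if ($remaining) {
    Write-Warning ("Still enabled: " + ($remaining -join ', '))
} else {
    Write-Output 'All listed suites are disabled.'
}

# Any other CBC suites still enabled, for the auditor's "and others" list.
$after | Where-Object { $_ -like '*_CBC_*' }
```

Run it once with `-WhatIf` to review the changes, then re-scan the site from outside to confirm the handshake no longer offers the removed suites.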
Posts: 93
Threads: 20
Joined: Mar 2018
Reputation:
1
I tried running the same application as HSYS standalone and the log file is reporting
"Http compression has been disabled: SSE 4.2 is required for ZLib compression however this processor does not support SSL 4.2."
Help will be appreciated...
Posts: 1,136
Threads: 37
Joined: Mar 2018
Reputation:
30
Location: Limassol, Cyprus
HSYS standalone? Those are 2 separate things. HTTP.sys or standalone?
What CPU is causing the issue?