Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
(05-21-2020, 12:38 AM)zsleo Wrote: One of my web apps is being PCI certified.

1. How do I restrict ciphers from being used?

For example, I want to disallow ciphers
.. and others

2. I have an auditor querying if we can prevent ECDH public server param reuse

Is this possible and if so how.


Regarding the ciphers in Http.sys I recommend you to use some tool like the one mentioned by JSP, above. The GUI version is really simple and easy to use.
Do you know the virtualization software that is being used?

Our SSE 4.2 detection code is correct. Very likely your VM software is returning wrong results due to a cpuid instruction call....

Can you run this on it and see what you get?
I will use that tool but it is a production server so we can only reboot it after 2 AM tomorrow.

I will report back.

I have a test server that is a Xeon 5160. Does Xeon 5160 support the algorithm?
The CoreInfo tool doesn't need reboot. It is just something which retrieves the CPU information as reported by the VM. I just want you to execute it once, and grab that information so we can analyze it
Just ran the app up on a win server 2019 in Azure and it works very nicely.
Nice! I'm still interested to know the reason of that SSE 4.2 detection failure. As I mentioned, the detection code is in accordance with Intel recommendations, so I suspect that it was caused by the virtualization software.
In IW 15.2.0 released today, there is a new variable which allows you to bypass the SSE 4.2 compatibility check.

In your DPR File, before running your application just set


  IWZLibExAPI.IgnoreSSE42Check := True;

This will allow SSE 4.2 compression to be used regardless of the status obtained via cpuid instruction. You can use it when you are certain that SSE 4.2 is supported.
Thanks, Alexandre.

I am still waiting, because it is a PCI controlled environment, for approval to install and run then Core Info on the box.

Forum Jump:

Users browsing this thread: 1 Guest(s)