Hmmm... What does it report from within your LAN? And, what other equipment is involved here (load-balancers, etc)
Regards, *ASB **http://XeeMe.com/AndrewBaker* <http://xeeme.com/AndrewBaker> *Providing Virtual CIO Services (IT Operations & Information Security) for the SMB market...* On Fri, Jun 27, 2014 at 10:44 AM, David McSpadden <[email protected]> wrote: > When looking at site from outside my network sslscan says it is still > vulernable to rc4 exploit. > > > > > > *From:* [email protected] [mailto: > [email protected]] *On Behalf Of *Haritwal, Dhiraj > *Sent:* Friday, June 27, 2014 10:39 AM > > *To:* [email protected] > *Subject:* RE: [NTSysADM] SSL ciphers > > > > Are you checking status with SSLScan? Is it pointing to RC4 or any other > Ciphers? I have used below reg keys to disable RC4. > > > > > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers] > > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC2 > 128/128] > > "Enabled"=dword:00000000 > > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 > 128/128] > > "Enabled"=dword:00000000 > > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 > 40/128] > > "Enabled"=dword:00000000 > > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 > 56/128] > > "Enabled"=dword:00000000 > > > > > > > > > > > > *From:* [email protected] [ > mailto:[email protected] <[email protected]>] *On > Behalf Of *David McSpadden > *Sent:* 27 June 2014 19:46 > *To:* [email protected] > *Subject:* RE: [NTSysADM] SSL ciphers > > > > I had to actually add these keys. > > Rebooted. > > Still showing as an exploit. > > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 > 128/128] > "Enabled"=dword:00000000 > > · > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 > 40/128] > "Enabled"=dword:00000000 > > · > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 > 56/128] > "Enabled"=dword:00000000 > > · Reappllied this KB > > · http://support.microsoft.com/kb/2868725 > > Rebooted. > > Still showing as an exploit?? > > > > > > > > *From:* [email protected] [ > mailto:[email protected] <[email protected]>] *On > Behalf Of *Haritwal, Dhiraj > *Sent:* Friday, June 27, 2014 10:10 AM > *To:* [email protected] > *Subject:* RE: [NTSysADM] SSL ciphers > > > > After those registry changes, did you restart that server. There are > multiple low level RC4 Ciphers so which one you have disabled. > > > > > > Dhiraj > > > > > > > > *From:* [email protected] [ > mailto:[email protected] <[email protected]>] *On > Behalf Of *Ed Ziots > *Sent:* 27 June 2014 16:29 > *To:* [email protected] > *Subject:* Re: [NTSysADM] SSL ciphers > > > > Look into iiscrypto by cryptonark software. But why are you disabling rc4 > have u tested that things will not break. I know what sslabs is saying but > you need to weigh the risks vs the rewards. > > Ez > > On Jun 24, 2014 3:09 PM, "David McSpadden" <[email protected]> wrote: > > Looking for how to disable RC4. > > I have KB2868725 applied but in testing it is showing enabled still? > > Anyone else seen this on server 2008 RC2 running IIS? > > > > This e-mail and any files transmitted with it are property of Indiana > Members Credit Union, are confidential, and are intended solely for the use > of the individual or entity to whom this e-mail is addressed. If you are > not one of the named recipient(s) or otherwise have reason to believe that > you have received this message in error, please notify the sender and > delete this message immediately from your computer. Any other use, > retention, dissemination, forwarding, printing, or copying of this email is > strictly prohibited. > > > > Please consider the environment before printing this email. > > > ------------------------------ > > > This email is confidential and intended only for the use of the individual > or entity named above and may contain information that is privileged. If > you are not the intended recipient, you are notified that any > dissemination, distribution or copying of this email is strictly > prohibited. If you have received this email in error, please notify us > immediately by return email or telephone and destroy the original message. > - This mail is sent via Sony Asia Pacific Mail Gateway.. > > This e-mail and any files transmitted with it are property of Indiana > Members Credit Union, are confidential, and are intended solely for the use > of the individual or entity to whom this e-mail is addressed. If you are > not one of the named recipient(s) or otherwise have reason to believe that > you have received this message in error, please notify the sender and > delete this message immediately from your computer. Any other use, > retention, dissemination, forwarding, printing, or copying of this email is > strictly prohibited. > > > > Please consider the environment before printing this email. > > > ------------------------------ > > > This email is confidential and intended only for the use of the individual > or entity named above and may contain information that is privileged. If > you are not the intended recipient, you are notified that any > dissemination, distribution or copying of this email is strictly > prohibited. If you have received this email in error, please notify us > immediately by return email or telephone and destroy the original message. > - This mail is sent via Sony Asia Pacific Mail Gateway.. > > This e-mail and any files transmitted with it are property of Indiana > Members Credit Union, are confidential, and are intended solely for the use > of the individual or entity to whom this e-mail is addressed. If you are > not one of the named recipient(s) or otherwise have reason to believe that > you have received this message in error, please notify the sender and > delete this message immediately from your computer. Any other use, > retention, dissemination, forwarding, printing, or copying of this email is > strictly prohibited. > > Please consider the environment before printing this email. >
