Sad when u gotta disable a cipher to pass an audit On Jul 3, 2014 12:08 PM, "Andrew S. Baker" <[email protected]> wrote:
> Nice... > > > > > > > *ASB **http://XeeMe.com/AndrewBaker* <http://xeeme.com/AndrewBaker> > *Providing Virtual CIO Services (IT Operations & Information Security) for > the SMB market…* > > > > > On Thu, Jul 3, 2014 at 9:19 AM, David McSpadden <[email protected]> wrote: > >> Turns out an app on the server had it’s own SSL ciphers. Working with >> app support and got the RC4 ciphers turned off and passed audit. >> >> Thanks all. >> >> >> >> *From:* [email protected] [mailto: >> [email protected]] *On Behalf Of *Ed Ziots >> *Sent:* Friday, June 27, 2014 6:59 AM >> >> *To:* [email protected] >> *Subject:* Re: [NTSysADM] SSL ciphers >> >> >> >> Look into iiscrypto by cryptonark software. But why are you disabling rc4 >> have u tested that things will not break. I know what sslabs is saying but >> you need to weigh the risks vs the rewards. >> >> Ez >> >> On Jun 24, 2014 3:09 PM, "David McSpadden" <[email protected]> wrote: >> >> Looking for how to disable RC4. >> >> I have KB2868725 applied but in testing it is showing enabled still? >> >> Anyone else seen this on server 2008 RC2 running IIS? >> >> >> >> This e-mail and any files transmitted with it are property of Indiana >> Members Credit Union, are confidential, and are intended solely for the use >> of the individual or entity to whom this e-mail is addressed. If you are >> not one of the named recipient(s) or otherwise have reason to believe that >> you have received this message in error, please notify the sender and >> delete this message immediately from your computer. Any other use, >> retention, dissemination, forwarding, printing, or copying of this email is >> strictly prohibited. >> >> >> >> Please consider the environment before printing this email. >> >> This e-mail and any files transmitted with it are property of Indiana >> Members Credit Union, are confidential, and are intended solely for the use >> of the individual or entity to whom this e-mail is addressed. If you are >> not one of the named recipient(s) or otherwise have reason to believe that >> you have received this message in error, please notify the sender and >> delete this message immediately from your computer. Any other use, >> retention, dissemination, forwarding, printing, or copying of this email is >> strictly prohibited. >> >> Please consider the environment before printing this email. >> > >
