Hmm, a fair point, and one that I hadn’t considered being an issue with such an 
old cipher.  I suppose that just means it’s had more time to be embedded into 
more things. ☺

--
There are 10 kinds of people in the world...
         those who understand binary and those who don't.

From: [email protected] On Behalf Of Ed Ziots
Sent: Monday, July 07, 2014 5:10 PM
To: [email protected]
Subject: RE: [NTSysADM] SSL ciphers


It's not the weak cipher per se; it's just been all this buzz about RC4 being 
weak, but there is an equal and opposite impact of disabling it caused to the 
business or applications that is not figured in the decision.

I am not saying not to disable the weak cipher; I am saying know the impact 
before you do. It's easy to check a block for the purpose of audit compliance, 
but if something breaks by doing it and you suffer production issues then that 
is a different story altogether.

Ez
On Jul 7, 2014 7:34 AM, "Melvin Backus" <[email protected]> wrote:
There are lots of obsolete ciphers out there.  That doesn’t mean they were bad, 
just that they’ve been compromised at some point since their creation and are 
now no longer secure.  I’m not sure I understand what’s sad about a security 
based audit expecting that they be disabled.  Do you still use SSH v1? How 
about 40 bit SSL in your browser?


--
There are 10 kinds of people in the world...
         those who understand binary and those who don't.

From: [email protected] On Behalf Of Ed Ziots
Sent: Thursday, July 03, 2014 5:00 PM
To: [email protected]
Subject: Re: [NTSysADM] SSL ciphers


Sad when u gotta disable a cipher to pass an audit
On Jul 3, 2014 12:08 PM, "Andrew S. Baker" <[email protected]> wrote:
Nice...

ASB
http://XeeMe.com/AndrewBaker
Providing Virtual CIO Services (IT Operations & Information Security) for the 
SMB market…

On Thu, Jul 3, 2014 at 9:19 AM, David McSpadden <[email protected]> wrote:
Turns out an app on the server had its own SSL ciphers.  Working with app 
support and got the RC4 ciphers turned off and passed audit.
Thanks all.

From: [email protected] On Behalf Of Ed Ziots
Sent: Friday, June 27, 2014 6:59 AM
To: [email protected]
Subject: Re: [NTSysADM] SSL ciphers


Look into iiscrypto by cryptonark software. But why are you disabling RC4? Have 
you tested that things will not break? I know what sslabs is saying but you need 
to weigh the risks vs the rewards.

Ez
On Jun 24, 2014 3:09 PM, "David McSpadden" <[email protected]> wrote:
Looking for how to disable RC4.
I have KB2868725 applied but in testing it is showing enabled still?
Anyone else seen this on server 2008 RC2 running IIS?


This e-mail and any files transmitted with it are property of Indiana Members 
Credit Union, are confidential, and are intended solely for the use of the 
individual or entity to whom this e-mail is addressed. If you are not one of 
the named recipient(s) or otherwise have reason to believe that you have 
received this message in error, please notify the sender and delete this 
message immediately from your computer. Any other use, retention, 
dissemination, forwarding, printing, or copying of this email is strictly 
prohibited.


Please consider the environment before printing this email.
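
An added example, not part of the original thread or any poster's code: a read-only PowerShell audit of the Schannel RC4 registry switches, which is one place to look when KB2868725 is installed but a scan still reports RC4. It assumes the standard Schannel `Ciphers` key layout; the function name `Get-Rc4SchannelState` is hypothetical, and the check covers Schannel only, not applications that carry their own SSL cipher settings like the one found in this thread.

```powershell
# Added example: read-only audit of the Schannel RC4 cipher switches.
# The cipher key names contain "/", which the PowerShell registry provider
# treats as a path separator, so the .NET registry API is used here instead
# of Get-ItemProperty (which would look for a nested "RC4 128\128" key).
$SchannelCiphers = 'SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers'
$Rc4KeyNames     = 'RC4 128/128', 'RC4 64/128', 'RC4 56/128', 'RC4 40/128'

function Get-Rc4SchannelState {
    param([string[]]$KeyNames = $Rc4KeyNames)

    foreach ($name in $KeyNames) {
        $value = $null
        $state = 'NotConfigured'   # no explicit switch: the OS default applies
        $key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey("$SchannelCiphers\$name")
        if ($key) {
            try {
                $value = $key.GetValue('Enabled', $null)
                if ($null -ne $value) {
                    # Enabled = 0 switches the cipher off; non-zero switches it on.
                    $state = if ([int64]$value -eq 0) { 'Disabled' } else { 'Enabled' }
                }
            }
            finally { $key.Close() }
        }
        # New-Object keeps this usable on the PowerShell 2.0 era hosts in question.
        New-Object PSObject -Property @{ Cipher = $name; State = $state } |
            Select-Object Cipher, State
    }
}

$report = @(Get-Rc4SchannelState)
$report | Format-Table -AutoSize

$notDisabled = @($report | Where-Object { $_.State -ne 'Disabled' })
if ($notDisabled.Count -gt 0) {
    Write-Warning ("RC4 not explicitly disabled in Schannel for: " +
        (($notDisabled | ForEach-Object { $_.Cipher }) -join ', '))
}
else {
    # Schannel is clean; anything still offering RC4 is using its own TLS
    # configuration and has to be fixed in that application's settings.
    Write-Output 'All Schannel RC4 switches are set to Disabled.'
}
```

If every key reports Disabled and an external scan still negotiates RC4 on a port, the listener on that port is not using Schannel's settings.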
