«
»

Remediating Common PCI SSL Vulnerabilities with a Simple Windows Registry File

Recently I was working with a client who was struggling to remediate two vulnerabilities identified by their quarterly perimeter PCI scans. Specifically, they needed to remediate the following vulnerabilities:

  • SSLv2 Enabled
  • Weak SSL Encryption Ciphers Enabled

With these vulnerabilities being so common amongst those bound to the PCI DSS, I would have hoped that better remediation information existed beyond Microsoft’s overcomplicated Knowledgebase Article,

In response to this lack of quality remediation information, I created the following Windows Registry file that aims to simplify the remediation of both vulnerabilities. This file has been tested on IIS 6.0 (Windows 2003) and disables the following weak ciphers, hashing functions, and protocols associated with SSL:

  • Weak Ciphers – DES 56, NULL, RC2 40/128, and RC4 40/56/128
  • Weak Hash Functions – MD5
  • Weak Protocols – PCT 1.0, and SSL 2.0

You can download the registry file from our website, here.

The standard “Backup your registry first” and “Test on non-production systems first” rules apply. Happy remediating! (and more importantly…SECURING!!!)

Advertisement

This entry was posted on November 12, 2008 at 7:42 pm and is filed under PCI, Uncategorized with tags , , , , , . You can follow any responses to this entry through the RSS 2.0 feed You can leave a response, or trackback from your own site.

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

Please log in to WordPress.com to post a comment to your blog.

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Cancel

Connecting to %s

Follow

Get every new post delivered to your Inbox.