Web servers?

Question #6

A client has had a security assessment conducted of the web servers in their environment. They have asked that the servers be configured to disable SSL version 2, and to only accept SSL ciphers greater than or equal to 128 bits. The web servers in the environment consist of Apache 2.2 on Red Hat Enterprise Linux 6, IIS 6 on Windows Server 2003, and IIS 7.5 on Windows Server 2008 R2. Please do the following:

1 How are servers tested to determine which SSL versions and ciphers are currently supported / accepted? Please describe the process.
2 What changes need to be made to each of the web servers / operating systems in order to meet the client's requirements? Please be specific.
Anonymous User
Anonymous User
Asked Jun 30, 2013

TIP: If it's not your answer to this question, please click "Leave a Comment" button under the question to communicate with the question owner.

Categories