Bugtraq mailing list archives
Trivial bug in IIS5 SSL
From: llevier () ARGOSNET COM (Laurent LEVIER)
Date: Sun, 28 May 2000 20:46:41 +0200
If you select "require secure channel" and "require 128-bit encryption" under secure communications in IIS5, and then later deselect "require secure channel", browsers will fail to connect with "page must be viewed with a high-security web browser...HTTP 403.5 - Forbidden: SSL 128 required". This even occurs with a 128 bit enabled browser (i used IE 5.00.2920.0000). If you remove the check next to "require 128-bit encryption" (which is greyed out when "require secure channel" is deselected), then you can access the pages as normal. IIS is failing to ignore the 128 bit requirement when SSL is turned off. Adam
Laurent LEVIER IT Systems & Networks, Unix System Engineer Security Specialist Argosnet Security Server : http://www.Argosnet.com "Le Veilleur Technologique", "The Technology Watcher" Argosnet II is in progress, opening summer 2000
Current thread:
- Trivial bug in IIS5 SSL Laurent LEVIER (May 28)