WebApp Sec mailing list archives
RE: SSL Ciphers
From: "Dimitris Petropoulos" <D.Petropoulos () encodegroup com>
Date: Fri, 31 Mar 2006 11:32:06 +0300
Hi pagvac,
Basically I'm interested in the following:
...
- hardening guidelines that illustrate how to disable weak ciphers from popular web servers such as Apache and IIS
Here are the resources for the most popular web servers: IIS: http://support.microsoft.com/?kbid=245030 http://support.microsoft.com/default.aspx?scid=kb;en-us;187498 Apache: http://httpd.apache.org/docs-2.0/mod/mod_ssl.html#sslciphersuite IBM HTTP Server: http://www-306.ibm.com/software/webservers/httpservers/doc/v1312/ibm/9ac dssl.htm (look for SSLVersion and SSLCipherSpec) iPlanet v6: http://docs.sun.com/source/816-5682-10/esecurty.htm#1008479 Best regards, --------------------------------- Dimitrios Petropoulos, MSc InfoSec, CISSP Managing Director ENCODE Middle East FZ-LLC Dubai Internet City P.O. Box 500328 - Dubai, U.A.E. web: www.encodegroup.com -------------------------------- ENCODE S.A. - HQs 3, R.Melodou Str 151 25 Maroussi Athens, Greece Tel: +30210-6178410 Fax: +30210-6109579 --------------------------------- ****************************************************************** Any views expressed in this message are those of the individual sender, except where the sender specifically states them to be the views of ENCODE S.A. ****************************************************************** ------------------------------------------------------------------------- This List Sponsored by: SpiDynamics ALERT: "How A Hacker Launches A Web Application Attack!" Step-by-Step - SPI Dynamics White Paper Learn how to defend against Web Application Attacks with real-world examples of recent hacking methods such as: SQL Injection, Cross Site Scripting and Parameter Manipulation https://download.spidynamics.com/1/ad/web.asp?Campaign_ID=701300000003gRl --------------------------------------------------------------------------
Current thread:
- SSL Ciphers pagvac (Mar 30)
- <Possible follow-ups>
- RE: SSL Ciphers Dimitris Petropoulos (Mar 31)