Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

SSL ver2

Status
Not open for further replies.
joepc

joepc

MIS
Jul 26, 2002
647
0
0
US
I have a Windows 2003 server running Exchange 2003 SP2. We have OWA/EAS configured for SSL only. Should I disable SSL ver 2 via the registry for security reasons? I am running some security auditing tools and it is making note of it. Thanks!
 
Sort by date Sort by votes
Considering that SSL ver3(and TLS) has superseded ver 2, and most browsers are equipped to handle the updated versions, I would say yes, you should disable SSL ver 2.
 
Upvote 0 Downvote
there are considerations you need to make before being so rash. The primary consideration is the OS and potential IE level of any clients that connect to your site.....along with potential other browser types that may access the site (firefox, mozilla, etc.). if you are certain that all browser types and operating systems connecting to your site can utilize ssl 3, then, its probably safe to go forward, OR, if it is acceptable by business security rule that any browsers that cannot use ssl 3 should not be allowed to connect, then again, you're golden.
in my personal and professional opinion, i would not disable it to ensure full compatibility with all clients I may have (including older Windows Mobile 5 devices, for instance)

- Brandon Wilson
MCSE:Security00/03; MCSA:Security03
MCSA:Messaging00; MCP; A+
IT Pangaea (
 
Upvote 0 Downvote
I have looked at several browsers, and the most common browsers all support SSL v3.
 
Upvote 0 Downvote
that is very true, but my point was that you never know when youre gonna have some schmuck running Windows 98 out there in the world trying to get in...for instance....and a decision needs to made whether that will be accepted or not (but it is applicable more to public facing websites since build types can be a little more guaranteed internally)

- Brandon Wilson
MCSE:Security00/03; MCSA:Security03
MCSA:Messaging00; MCP; A+
IT Pangaea (
 
Upvote 0 Downvote
I understand what you are stating, and I can agree to a certain point. However, being a security professional, my goal is to have the most secure space I can.

If I remember correctly, 98 could run IE 6, which I believe was SSL v3 compliant, but I get your point. If they are still running 98, who says the update at all anyway...

I know, it is more a business decision.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

eclecticNancy
  • Locked
  • Question
FTP/SSL
Replies
0
Views
31
eclecticNancy
eclecticNancy
pace123
  • Locked
  • Helpful tip
What do I need to setup SSH/VPN, or SSL/TLS layer security?
Replies
1
Views
27
sleipnir214
sleipnir214
Scully87
  • Locked
  • Question
SSL VPN
Replies
0
Views
17
Scully87
Scully87
requested89
  • Locked
  • Question
SSL Question
Replies
1
Views
25
sleipnir214
sleipnir214
prworld
  • Locked
  • Question
Do I Need SSL? 2
Replies
3
Views
22
lgarner
lgarner

Part and Inventory Search

Sponsor

Back
Top