Abuse Melding

Je hebt een klacht over de onderstaande posting:

06-03-2015, 11:18 door Erik van Straten

Update 2015-03-06 15:11: Microsoft's fix werkt niet, zie https://www.security.nl/posting/420935/#posting420957. Het lijkt erop dat Microsoft eind 2013 wist dat Schannel EXPORT ciphers nog ondersteunde (terwijl deze niet worden "geadverteerd" in het SSL/TLS Client Hello pakket). In http://blogs.technet.com/b/srd/archive/2013/11/12/security-advisory-2868725-recommendation-to-disable-rc4.aspx staat namelijk: 12 Nov 2013 10:00 AM, door William Peteroy, MSRC: Security Advisory 2868725: Recommendation to disable RC4 [...] How to Completely Disable RC4 Clients and Servers that do not wish to use RC4 ciphersuites, regardless of the other party's supported ciphers, can disable the use of RC4 cipher suites completely by setting the following registry keys. In this manner any server or client that is talking to a client or server that must use RC4, can prevent a connection from happening. Clients that deploy this setting will not be able to connect to sites that require RC4 while servers that deploy this setting ...

Beschrijf je klacht (Optioneel):

captcha