Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Change default behavior for SSL-checks [Cipher-Checks rework part 1] #513

Closed
TuemmlerKelch opened this issue Feb 7, 2024 · 0 comments
Closed

Change default behavior for SSL-checks [Cipher-Checks rework part 1] #513

TuemmlerKelch opened this issue Feb 7, 2024 · 0 comments
Assignees
@SteffenWinternheimer @TuemmlerKelch
Labels
enhancement New feature or request minor Incremental updates and enhancements for improved functionality without major changes.
Milestone
5.9.0

Comments

@TuemmlerKelch
Copy link
Collaborator

TuemmlerKelch commented Feb 7, 2024
edited
Loading

These checks are part of both Security Base Data and FB Pro Enhanced settings

Default Configuration
For Windows 10, 11, Server 2012R2/16/22 we can configure the checks like this:

setting rating exception
Disable SSLv2 Protocol (Server) System.Management.Automation.ItemNotFoundException -> True
Disable SSLv2 Protocol (Server DisabledByDefault) System.Management.Automation.ItemNotFoundException -> True
Disable SSLv2 Protocol (Client) System.Management.Automation.ItemNotFoundException -> True
Disable SSLv2 Protocol (Client DisabledByDefault) System.Management.Automation.ItemNotFoundException -> True
Disable SSLv3 Protocol (Server) System.Management.Automation.ItemNotFoundException -> True 2012R2 + W10 build < 10.0.11* -> False
Disable SSLv3 Protocol (Server DisabledByDefault) System.Management.Automation.ItemNotFoundException -> True 2012R2 + W10 build < 10.0.11* -> False
Disable SSLv3 Protocol (Client) System.Management.Automation.ItemNotFoundException -> True 2012R2 + W10 build < 10.0.11* -> False
Disable SSLv3 Protocol (Client DisabledByDefault) System.Management.Automation.ItemNotFoundException -> True 2012R2 + W10 build < 10.0.11* -> False

Source: https://learn.microsoft.com/en-us/windows/win32/secauthn/protocols-in-tls-ssl--schannel-ssp-
@TuemmlerKelch TuemmlerKelch added enhancement New feature or request minor Incremental updates and enhancements for improved functionality without major changes. labels Feb 7, 2024
@TuemmlerKelch TuemmlerKelch added this to the 5.9.0 milestone Feb 7, 2024
@TuemmlerKelch TuemmlerKelch removed this from the 5.9.0 milestone Mar 12, 2024
@TuemmlerKelch TuemmlerKelch changed the title Change default behavior for SSL-checks Change default behavior for SSL-checks [Cipher-Checks rework part 1] Mar 19, 2024
@TuemmlerKelch TuemmlerKelch added this to the 5.9.0 milestone Mar 19, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@SteffenWinternheimer SteffenWinternheimer

@TuemmlerKelch TuemmlerKelch

Labels
enhancement New feature or request minor Incremental updates and enhancements for improved functionality without major changes.
Projects
None yet
Milestone
5.9.0
Development

No branches or pull requests
2 participants
@SteffenWinternheimer @TuemmlerKelch