I have disabled SSL 2.0 and 3.0 on a PC in our environment as described in the articles linked below, but for some reason this PC is still being flagged by our security software for SSL 2.0 and 3.0.
https://help.duo.com/s/article/3400?language=en_US
https://www.digicert.com/kb/ssl-support/iis-disabling-ssl-v3.htm
I looked at the PC again and verified that the registry keys are still set correctly. With SSL disabled in the registry in this way, is it even possible for anything on the computer to turn on or otherwise use SSL 2.0/3.0? My understanding is that any applications that need it will simply stop working.
Thanks in advance,
Andrew
Related
You probably think that this is a misbehaving crawler problem but this CloudFlare website:
Blocks Internet Explorer on Windows 10 desktop (uses Windows API for HTTP)
Allows Edge on Windows 10 desktop (uses Windows API for HTTP?)
Blocks my crawler on Windows using WinInet Windows API for HTTP
Allows my crawler on Mac using Mac API for HTTP
Accordingly to this Internet Explorer 7 on Windows Vista should be support on even free CloudFlare:
https://support.cloudflare.com/hc/en-us/articles/203041594-Cloudflare-SSL-cipher-browser-and-protocol-support
I am in preliminary research phase, but it feels like a certificate issue. I have not experienced this problem before on any website when using Windows 10. (But yes, older versions of Windows can have similar problems to certificate problems)
Any ideas? I have not implemeted HTTP2 part of Windows API - is that a possible explanation? Would just be a bit odd to require that so.... But could possibly explain why Edge and not IE works.
I asked the website owner and the website was setup to only support TLS 1.3 and not accept TLS 1.2 --- TLS 1.3 support is still experimental in Windows 10 (internet options)
In my project fetch request with https is not working for Android<5.0. I know it's for ssl certificate issue. But I don't know how to add or solve that problem. So far I tried many things by googling the problem.
Any help or suggestion will be appreciated.
Thanks.
There is no solid solution to this issue. I had the same issue and I have tried it and it still doesn't work in old samsung devices. The android devices which are equal and below 5.0 use TLS 1.1 or 1.0. The new standard TLS is 1.2. Even tho TLS 1.2 exists in Android devices below 5.0 they are not enabled by default. So you have to enable it manually by changing socket so when your app loads it should enable TLS 1.2 in old devices. The certificate of Android<5.0 devices has been issued before TLS 1.2 introduced. Below are useful links so good luck with trying it.
Android 4.1 to 4.4 KitKat - Enable TLS 1.2 for API
https://github.com/facebook/react-native/issues/7192
I need to connect a WinCE6.0 device to a web based server using HTTPS.
The problem: WinCE6.0 uses WinInet v6 which supports SSL2, SSL3 and TSL1.0 None of which are supported in the current (2018) best practices due to their security flaws.
I doubt I can drop in a newer version of WinInet and expect it to run.
I had thoughts of porting CURL to WinCE.
I'm thinking this issue has already been addressed by the CE community, but I'm not seeing an available solution.
How can I get an old embedded device to securely connect to the WWW?
From GuruCE:
If you want to use TLS 1.1 and 1.2 on CE a suitable solution is to use mbedTLS library from ARM. It has a BSD-like license, so not too restrictive. Only one change to the makefiles is needed to get it to work on CE.
We are having a difficult time using TLS in our Windows CE 5.0 device. What we have is a secure web server running on the device; currently it is using SSL 3.0 as the security provider, but we would like connections to use TLS instead. Per the MSDN documentation, we have changed the registry settings under HKLM/Comm/SecurityProviders/Schannel/Protocols. We've changed the "Enabled" value under SSL 3.0/Client and SSL 3.0/Server from 1 to 0 (SSL 2.0 and PCT 1.0 are also disabled) and verified that TLS 1.0/Client/Enabled and TLS 1.0/Server/Enabled are both set to 1.
After saving the registry and rebooting the device, we are unable to connect using IE, Firefox, or Chrome. Using Wireshark, we've verified that the device sees the incoming request, but it simply refuses it.
We've made these same changes on Windows CE 6.0 and they work as expected.
Has anyone had any similar issues? Does anyone know of any fix or workaround (we've got all QFEs for CE 5.0 as part of our image).
My web host has made my server more secure and is now requiring connection via FTP over SSL/TLS but they will not accept SSL3.0, only TLS1.0 or higher.
This rules out Dreamweaver CS6, Komposer, Microsoft Web Expressions 4.0.
Filezilla works, so all is not lost, but it makes it a two program process (develop in Dreamweaver, cross to Filezilla to upload)
Does anyone know of a Windows 7 program that can connect via FTP using TLS v1.0 or higher instead of SSL3.0
Any suggestions greatly appreciated
Cheers, Al.
I have found a program called CoffeeCup HTML Editor.
It connects using TLSv1.0
I'm sure there are others, but this is the first one I found that I got to work and I am using it now.