Harden SSL/TLS vBeta

by

In: Configurations checks , Defense , Harden SSL/TLS , Vulnerability Management

19 February 2010

Harden SSL/TLS allows hardening the SSL/TLS settings of Windows 2000, 2003, 2008, 2008R2, XP, Vista, 7. It allows locally and remotely set SSL policies allowing or denying certain ciphers/hashes or complete ciphersuites.

This tool specific allows setting policies with regards to what ciphers and protocols are available to applications that use SCHANNEL crypto interface. A lot of windows applications do use this interface, for instance Google Chrome as well as Apple Safari are a few of these. By changing the settings you can indirectly control what ciphers these applications are allowed to use.

PNG - 48.1 kb

Advanced mode:

  • re-enable ECC P521 mode on Windows7 and 2008R2
  • Set TLS Cache size and timeout

Known issues:

  • The BETA initialises and sets the OS defaults at startup

Changelog:

  • Fixed Protocol initialization on Vista/Seven/2008/2008R2 (Adrian F. Dimcev)
  • Fixed TLS 1.1 on Vista/2008 (Reported by Adrian F. Dimcev)

More information: here

Thanks to Thierry Zoller, from G-SEC. :)

Post scriptum

Compliance Mandates

  • Vulnerability Management :

    PCI DSS 11.2, 6.6, SOX A13.3, GLBA 16CFR Part 314.4(c), HIPAA 164.308(a)(8), FISMA RA-5, SI-2, ISO 27001-27002 12.6, 15.2.2


Related Articles

Configurations checks
Defense
Harden SSL/TLS
Vulnerability Management