Alpha Video Training
Results 1 to 15 of 15

Thread: How Can I Disable SSL V2 in alpha v11 server?

  1. #1
    Member
    Real Name
    Wilson Ford
    Join Date
    Oct 2010
    Posts
    5

    Default How Can I Disable SSL V2 in alpha v11 server?

    I have ssl running on Alpha five v11 server and need to disable ssl2 for compliance reasons.

    Any Ideas?

  2. #2
    Member
    Real Name
    W Brad Hershey
    Join Date
    Mar 2010
    Location
    Skokie, IL
    Posts
    107

    Default Re: How Can I Disable SSL V2 in alpha v11 server?

    Wilson:

    Take a look at http://support.microsoft.com/kb/187498 - you must edit the windows registry on the server. I do not believe you can restrict from within A5.

    Another discussion with example is at http://geekswithblogs.net/dchristian...ersoniis6.aspx

    Hope this helps.

    Brad

  3. #3
    Alpha Software Employee Lenny Forziati's Avatar
    Real Name
    Lenny Forziati
    Join Date
    Nov 2001
    Location
    Alpha Software
    Posts
    4,680

    Default Re: How Can I Disable SSL V2 in alpha v11 server?

    Brad, The V11 Application Server is not IIS, so changing settings for IIS will have no impact on the Application Server.

    The SSL tab of the Application Server Settings allows an SSL Cipher List to be specified. A list such as the following will disable SSL v2
    Code:
    SSLCipherSuite HIGH:!SSLv2:!ADH:!aNULL:!eNULL:!NULL
    This setting uses the same syntax as Apache with mod_ssl, so any Apache setting could be used here. This specific value for the cipher list came from http://adamyoung.net/Disable-SSLv2-System-Wide

    Lenny Forziati
    Vice President, Internet Products and Technical Services
    Alpha Software Corporation

  4. #4
    Member
    Real Name
    W Brad Hershey
    Join Date
    Mar 2010
    Location
    Skokie, IL
    Posts
    107

    Default Re: How Can I Disable SSL V2 in alpha v11 server?

    Lenny:

    Thanks for the heads up - I use Windows Server 2008 r2 which by default does not connect sslv2. But you make a great point that at this time A5 is not under IIS (even if IIS is on the server for other ports). Since I restrict IP access and have control over the individual clients I always use high 256 bit encryption. I am going to edit the A5 server per your suggestion.

    Brad

  5. #5
    Moderator Steve Wood's Avatar
    Real Name
    Steve Wood
    Join Date
    Nov 2003
    Location
    Bay Area, California
    Posts
    8,827

    Default Re: How Can I Disable SSL V2 in alpha v11 server?

    Lenny,

    My "SSL_CipherList" already contains a long string of characters. Do I append the suggested string you suggested, or replace the existing string? Here is a portion of what I have already:

    SSL_CipherList = "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-...
    Steve Wood
    Join the ALPHA DEVELOPERS NETWORK
    There is no Cloud. It's just someone else's computer.
    Web - Mobile - Hosting - Products - Frameworks - Developer Resources
    AlphaToGo | IADN (100% Alpha Anywhere Websites)

  6. #6
    Alpha Software Employee Lenny Forziati's Avatar
    Real Name
    Lenny Forziati
    Join Date
    Nov 2001
    Location
    Alpha Software
    Posts
    4,680

    Default Re: How Can I Disable SSL V2 in alpha v11 server?

    Steve, take a look at the announcement from yesterday: OpenSSL update to address DROWN now available. You will want this update for a number of reasons, and one of the changes it makes is to permanently disable SSLv2, regardless of your cipher list.

    But to more directly answer your question, you would just add :!SSLv2 to your existing list to turn off SSLv2.

    Lenny Forziati
    Vice President, Internet Products and Technical Services
    Alpha Software Corporation

  7. #7
    Moderator Steve Wood's Avatar
    Real Name
    Steve Wood
    Join Date
    Nov 2003
    Location
    Bay Area, California
    Posts
    8,827

    Default Re: How Can I Disable SSL V2 in alpha v11 server?

    Thanks - I will have to take the alternate route, my client will not allow me to install a beta (the pre-release) version on their server.
    Steve Wood
    Join the ALPHA DEVELOPERS NETWORK
    There is no Cloud. It's just someone else's computer.
    Web - Mobile - Hosting - Products - Frameworks - Developer Resources
    AlphaToGo | IADN (100% Alpha Anywhere Websites)

  8. #8
    Alpha Software Employee Lenny Forziati's Avatar
    Real Name
    Lenny Forziati
    Join Date
    Nov 2001
    Location
    Alpha Software
    Posts
    4,680

    Default Re: How Can I Disable SSL V2 in alpha v11 server?

    There is no need to install a prerelease

    Lenny Forziati
    Vice President, Internet Products and Technical Services
    Alpha Software Corporation

  9. #9
    Moderator Steve Wood's Avatar
    Real Name
    Steve Wood
    Join Date
    Nov 2003
    Location
    Bay Area, California
    Posts
    8,827

    Default Re: How Can I Disable SSL V2 in alpha v11 server?

    Got it. I misread this statement: "These DLLs are compatible with Alpha Anywhere and Alpha Five V11 only."
    Steve Wood
    Join the ALPHA DEVELOPERS NETWORK
    There is no Cloud. It's just someone else's computer.
    Web - Mobile - Hosting - Products - Frameworks - Developer Resources
    AlphaToGo | IADN (100% Alpha Anywhere Websites)

  10. #10
    Moderator Steve Wood's Avatar
    Real Name
    Steve Wood
    Join Date
    Nov 2003
    Location
    Bay Area, California
    Posts
    8,827

    Default Re: How Can I Disable SSL V2 in alpha v11 server?

    Back on the question of cipher string. My client now wants to disable TLS protocol in the cipher string. Would that be done by adding :!TLS, or perhaps :TLSv1 to the cipher string?
    Steve Wood
    Join the ALPHA DEVELOPERS NETWORK
    There is no Cloud. It's just someone else's computer.
    Web - Mobile - Hosting - Products - Frameworks - Developer Resources
    AlphaToGo | IADN (100% Alpha Anywhere Websites)

  11. #11
    Alpha Software Employee Lenny Forziati's Avatar
    Real Name
    Lenny Forziati
    Join Date
    Nov 2001
    Location
    Alpha Software
    Posts
    4,680

    Default Re: How Can I Disable SSL V2 in alpha v11 server?

    TLS cannot be fully disabled in the cipher string. What you can do is remove all ciphers used by TLS v1, which effectively turns it off. However the server will still offer a TLS v1 handshake, which will never be able to be completed since no ciphers are there.

    Lenny Forziati
    Vice President, Internet Products and Technical Services
    Alpha Software Corporation

  12. #12
    Moderator Steve Wood's Avatar
    Real Name
    Steve Wood
    Join Date
    Nov 2003
    Location
    Bay Area, California
    Posts
    8,827

    Default Re: How Can I Disable SSL V2 in alpha v11 server?

    Quote Originally Posted by Lenny Forziati View Post
    TLS cannot be fully disabled in the cipher string. What you can do is remove all ciphers used by TLS v1, which effectively turns it off. However the server will still offer a TLS v1 handshake, which will never be able to be completed since no ciphers are there.
    Thank you Lenny. I got that part about TLS being set in the Windows server. But I don't know how to tell if my cipher string does or does not "turn TLS' off. Is it as simple as not seeing any part of the cipher string with the letters "TLS" or do I need to append something to my string to specifically turn it off, like ":!TLS", or similar?
    Steve Wood
    Join the ALPHA DEVELOPERS NETWORK
    There is no Cloud. It's just someone else's computer.
    Web - Mobile - Hosting - Products - Frameworks - Developer Resources
    AlphaToGo | IADN (100% Alpha Anywhere Websites)

  13. #13
    Alpha Software Employee Lenny Forziati's Avatar
    Real Name
    Lenny Forziati
    Join Date
    Nov 2001
    Location
    Alpha Software
    Posts
    4,680

    Default Re: How Can I Disable SSL V2 in alpha v11 server?

    You would need to identify all of the ciphers potentially used and remove them. I do not have a complete list of them.

    You may want to review https://www.alphasoftware.com/docume...rted%20SSL.xml to see an expanded discussion of configurations, as well as the details of obtaining an A+ rating on the Qualys SSL Labs server test.

    You will also want to be aware of the impact of disabling TLS v1 - specifically this will cause older clients to be unable to connect. This may or may not be acceptable depending on your specific needs.

    Lenny Forziati
    Vice President, Internet Products and Technical Services
    Alpha Software Corporation

  14. #14
    Moderator Steve Wood's Avatar
    Real Name
    Steve Wood
    Join Date
    Nov 2003
    Location
    Bay Area, California
    Posts
    8,827

    Default Re: How Can I Disable SSL V2 in alpha v11 server?

    Thanks Lenny. Client is happy with prohibiting those older versions from secure access.
    Steve Wood
    Join the ALPHA DEVELOPERS NETWORK
    There is no Cloud. It's just someone else's computer.
    Web - Mobile - Hosting - Products - Frameworks - Developer Resources
    AlphaToGo | IADN (100% Alpha Anywhere Websites)

  15. #15
    Alpha Software Employee Lenny Forziati's Avatar
    Real Name
    Lenny Forziati
    Join Date
    Nov 2001
    Location
    Alpha Software
    Posts
    4,680

    Default Re: How Can I Disable SSL V2 in alpha v11 server?

    While this is the V11 server area, I think it is worth noting that the Alpha Anywhere Application Server now allows the server administrator to very easily disable TLS 1.0 and TLS 1.1 if desired. Beginning with build 4243 of Alpha Anywhere, this is as simple as selecting the minimum version you'd like to enable from the drop-down list shown below

    TLSVersion.png

    Lenny Forziati
    Vice President, Internet Products and Technical Services
    Alpha Software Corporation

Similar Threads

  1. Error Occurred in Application Server Setting in Alpha Five V11?
    By Suvarchala in forum Application Server Version 11 - Web/Browser Applications
    Replies: 3
    Last Post: 02-16-2012, 11:56 AM
  2. How to host the alpha five v11 web application in server?
    By jyothi28.g in forum Application Server Version 11 - Web/Browser Applications
    Replies: 3
    Last Post: 01-19-2012, 04:00 AM
  3. Virtual Server and SSL - Confused and Need Help
    By Charlain in forum Application Server Version 8
    Replies: 1
    Last Post: 06-22-2008, 01:21 AM
  4. Can we use SSL over ISA Server rather than Alpha
    By Steve Wood in forum Application Server Version 8
    Replies: 0
    Last Post: 10-29-2007, 09:57 PM
  5. was server type for SSL certificate
    By oldtony in forum Web Application Server v7
    Replies: 1
    Last Post: 06-18-2006, 01:35 AM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •