Disabling SSL 2.0 for POP3?

paintb4707paintb4707 Posts: 420Member
Hey guys

I'm currently working on PCI Compliance and I've got one last issue that is driving me up the wall. I followed the microsoft kbb here: [FONT=&quot]How to disable PCT 1.0, SSL 2.0, SSL 3.0, or TLS 1.0 in Internet Information Services and disabled SSL 2.0 entirely.

Originally, the PCI Compliance scan was telling me the issue lied with both HTTPS and POP3S, low and behold the issue is resolved for HTTPS but not POP3. I've looked all over the place and can't find anything related on the matter. Is there an additional setting that needs to be changed to prevent SSL 2.0 on POP3?

Just an FYI, it's confirmed that the issue is pointing to our Exchange server, where I had disabled SSL 2.0

Thanks in advance

[/FONT]

Comments

  • jibbajabbajibbajabba Posts: 4,317Member ■■■■■■■■□□
    paintb4707 wrote: »
    Hey guys

    I'm currently working on PCI Compliance and I've got one last issue that is driving me up the wall. I followed the microsoft kbb here: [FONT=&quot]How to disable PCT 1.0, SSL 2.0, SSL 3.0, or TLS 1.0 in Internet Information Services and disabled SSL 2.0 entirely.

    Originally, the PCI Compliance scan was telling me the issue lied with both HTTPS and POP3S, low and behold the issue is resolved for HTTPS but not POP3. I've looked all over the place and can't find anything related on the matter. Is there an additional setting that needs to be changed to prevent SSL 2.0 on POP3?

    Just an FYI, it's confirmed that the issue is pointing to our Exchange server, where I had disabled SSL 2.0

    Thanks in advance

    [/FONT]

    Got Exchange installed on that box or any other mail software ? Basically something keeps port 995 open ..
    My own knowledge base made public: http://open902.com :p
  • paintb4707paintb4707 Posts: 420Member
    Gomjaba wrote: »
    Got Exchange installed on that box or any other mail software ? Basically something keeps port 995 open ..

    Port 995 is open (and needs to be) to provide POP3SSL to mobile phones. The problem I'm having is that SSL 2.0 is still enabled for some wacky reason. I need to eliminate 2.0 and leave 3.0 as the only option.
  • jibbajabbajibbajabba Posts: 4,317Member ■■■■■■■■□□
    paintb4707 wrote: »
    Port 995 is open (and needs to be) to provide POP3SSL to mobile phones. The problem I'm having is that SSL 2.0 is still enabled for some wacky reason. I need to eliminate 2.0 and leave 3.0 as the only option.

    Mmm.. what software is this ? Maybe it is something you have to do at software level rather than OS level ?
    My own knowledge base made public: http://open902.com :p
  • paintb4707paintb4707 Posts: 420Member
    Gomjaba wrote: »
    Mmm.. what software is this ?

    Exchange
    Maybe it is something you have to do at software level rather than OS level ?
    That's what I'm trying to figure out. icon_lol.gif But I can't find any resources on the matter.
  • jibbajabbajibbajabba Posts: 4,317Member ■■■■■■■■□□
    So I suppose it fails because you use OWA - which uses IIS which should have been fixed with that registry key ... odd
    My own knowledge base made public: http://open902.com :p
Sign In or Register to comment.