[15099] in bugtraq
Trivial bug in IIS5 SSL
daemon@ATHENA.MIT.EDU (Laurent LEVIER)
Mon May 29 17:09:29 2000
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Message-Id: <4.3.1.2.20000528204621.00a7a780@194.98.103.230>
Date: Sun, 28 May 2000 20:46:41 +0200
Reply-To: Laurent LEVIER <llevier@ARGOSNET.COM>
From: Laurent LEVIER <llevier@ARGOSNET.COM>
X-To: BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM
>
>If you select "require secure channel" and "require 128-bit encryption"
>under secure communications in IIS5, and then later deselect "require secure
>channel", browsers will fail to connect with "page must be viewed with a
>high-security web browser...HTTP 403.5 - Forbidden: SSL 128 required". This
>even occurs with a 128 bit enabled browser (i used IE 5.00.2920.0000).
>
>If you remove the check next to "require 128-bit encryption" (which is
>greyed out when "require secure channel" is deselected), then you can access
>the pages as normal. IIS is failing to ignore the 128 bit requirement when
>SSL is turned off.
>
>Adam
Laurent LEVIER
IT Systems & Networks, Unix System Engineer
Security Specialist
Argosnet Security Server : http://www.Argosnet.com
"Le Veilleur Technologique", "The Technology Watcher"
Argosnet II is in progress, opening summer 2000
