SSL v2 is weak and outdated protocol. All modern browsers and applications support SSL v3 and that’s why you should disable SSL v2 where possible. Using this command you can check if SSL v2 is enabled: openssl s_client -connect www.example.org:443 -ssl2
SSL v2 is weak and outdated protocol. All modern browsers support SSL v3 and it’s enabled by default on Windows 2008 (IIS 7 / IIS 7.5). To make sure all clients are using SSL v3 we must disable SSL v2. This is required for PCI compliance.
1. Download and install Windows SDK 2. Open command prompt as Administrator and cd to this directory: C:\Program Files\Microsoft SDKs\Windows\v7.0\Bin 2. Create a root certificate makecert -pe -n “CN=Test Root Authority” -ss my -sr LocalMachine -a sha1 -sky signature -r “c:\Test Root Authority.cer” 3. Create the new certificate and sign it with the newly generated [...]
Today, all certificate authorities require 2048 bit private key when requesting SSL certificates. This is how it’s done: openssl req -nodes -newkey rsa:2048 -keyout cert.key -out cert.csr