We use McAfee Secure to scan our network for possible PCI compliance issues. Recently (out of the blue) we started receiving alerts notifying us that we need to disable weak ciphers and SSL v2 on our Exchange server. I can't seem to figure out how to do this.
When I create the appropriate DWORD entry to disable the associated registry keys, I still get scan alerts. This box is running Win2K3R2 with IIS6. I don't seem to be able to control any of these SCHANNEL keys directly in IIS, since IIS just calls basic CryptoGraphic APIs, which in turn call the registry APIs to read these keys. So no luck there. Out of desperation, I just tried to delete the keys, but they magically reappear (with all their default settings) when I close/relaunch regedit.
Has anyone else run into this issue? Any resolutions? Out of the box ideas?
Thanks,
Britt