
Environment vulnerability


In Microsoft environments, there are some obsolete protocols and configurations that SE Suite does not use and that Microsoft itself recommends disabling for security reasons. SoftExpert is not responsible for the administration of the server and does not apply these settings. It is the customer's responsibility to contact Microsoft support to configure the server. Note that these changes apply to the server as a whole: any other applications hosted on it will be subject to the same rules, and it is up to the customer to verify that those applications are not negatively impacted. Enabling or disabling these settings does not affect the operation of our application, except for customer-specific SoftExpert customizations. Therefore, they are not a requirement for its operation.

For communication between a web browser and a secure HTTPS site, a standard internet authentication protocol such as SSL/TLS is required. These protocols can be classified as strong or weak, depending on the encryption types, key exchange algorithms, and hash functions involved.

 

Protocols

The standard internet authentication protocols that are already deprecated, and are maintained only to support legacy systems that cannot use anything else, are PCT v.1.0, SSL v.2, SSL v.3, and TLS v.1.0.

It is currently possible to disable these weak protocols through Microsoft Secure Channel (Schannel).

If possible, keep the PCT protocol v.1.0 disabled

If possible, keep the SSL protocol v.2.0 disabled

If possible, keep the SSL protocol v.3.0 disabled

If possible, keep the TLS protocol v.1.0 disabled

 

Cryptographic packages

Not all weak cryptographic packages (cipher suites) are disabled by default on all Windows versions. Check whether you can disable the cryptographic packages based on:

RC4

RC2

DES

Null

 

Key exchange

One of the algorithms used in the key exchange between the parties has proved to be weak and easier to break, and it can be disabled on the server.

If possible, keep the Diffie-Hellman algorithm (DH, or DHE for key exchange) disabled.
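
A read-only audit of the protocols, cryptographic packages and key exchange algorithm listed on this page, as an added example (not SoftExpert's or Microsoft's own script). It assumes the Schannel registry subkey names documented by Microsoft and reads them through the .NET registry API, because the PowerShell registry provider treats the "/" in key names such as "RC4 128/128" as a path separator.

```powershell
# Added example: reports the state of the Schannel settings named on this page.
# It only reads the registry; it changes nothing on the server.
$root = 'SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL'

# Subkey names as documented by Microsoft for Schannel (assumed unchanged on
# the audited Windows version). Protocols are checked on the Server side.
$subKeys = @(
    'Protocols\PCT 1.0\Server'
    'Protocols\SSL 2.0\Server'
    'Protocols\SSL 3.0\Server'
    'Protocols\TLS 1.0\Server'
    'Ciphers\RC4 128/128'
    'Ciphers\RC4 64/128'
    'Ciphers\RC4 56/128'
    'Ciphers\RC4 40/128'
    'Ciphers\RC2 128/128'
    'Ciphers\RC2 56/128'
    'Ciphers\RC2 40/128'
    'Ciphers\DES 56/56'
    'Ciphers\NULL'
    'KeyExchangeAlgorithms\Diffie-Hellman'
)

function Get-SchannelState {
    param([Parameter(Mandatory)][string]$SubKey)

    # OpenSubKey splits only on "\", so "RC4 128/128" stays one key name.
    $key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey("$root\$SubKey")
    if ($null -eq $key) { return 'not configured (OS default applies)' }
    try {
        $enabled = $key.GetValue('Enabled')
        if ($null -eq $enabled) { return 'not configured (OS default applies)' }
        # Enabled = 0 disables the item; any non-zero DWORD enables it.
        if ($enabled -eq 0) { return 'disabled' }
        return 'enabled'
    }
    finally {
        $key.Close()
    }
}

$subKeys | ForEach-Object {
    [pscustomobject]@{ Setting = $_; State = Get-SchannelState -SubKey $_ }
} | Format-Table -AutoSize
```

An item reported as "not configured" follows the default of the installed Windows version, so it still needs to be checked against that version's defaults before it is treated as disabled.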