Cryptzone uses a custom HTTP server, developed in pure .NET.
We always use the standard security classes shipped with .NET Framework v2.
From an SSL/HTTPS perspective, Cryptzone is as secure as the latest Microsoft .NET Framework v2.
SEP Server has been studied and analyzed by third-party penetration testers, who did not find any security issues.
As mentioned, our web server is based on .NET, so we rely entirely on the Windows APIs and settings. For example, with the default Windows Server settings, this is the result for the Cryptzone public SEP server:
Overall rating: C with 57 points
But when we change the secure channel (SCHANNEL) provider settings in the registry and restart the Windows server, we get:
Overall rating: A with 84 points
As you can see, editing the Windows registry fixes all the vulnerabilities.
Please note that this fix will affect all programs that use the Windows APIs for secure communication (all WinAPI and .NET programs).
These are the settings I modified:
Disable weak ciphers:
1. Go to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers
2. Here you’ll get a list of available ciphers. Click on each cipher that you want to disable (you should disable anything with 40/* and 56/* in the name) and create a DWORD, “Enabled” = 0
Disable SSL/TLS renegotiation:
1. Microsoft released an update that disables renegotiation, as a workaround. Install the Microsoft update KB977377 that matches your Windows version. For example:
a. Server 2003 http://www.microsoft.com/en-us/download/details.aspx?id=10291
b. Server 2008 R2 x64 http://www.microsoft.com/en-us/download/details.aspx?id=24360
2. FYI: The update will create two registry DWORD values under HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\ and fix the vulnerability by default (by disabling that feature)
a. DisableRenegoOnClient = 1
b. DisableRenegoOnServer = 1
RESTART WINDOWS after changing these settings.
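
The cipher and renegotiation steps above can be audited, and the cipher step applied, from a script. This is an added example, not Cryptzone or Microsoft code; the `-Apply` switch and the variable names are assumptions, and it only touches cipher subkeys that already exist under the Ciphers key.

```powershell
# Added example, not vendor code. Run from an elevated prompt.
# -Apply is a hypothetical switch name: without it the script only reports.
param([switch]$Apply)

$write    = $Apply.IsPresent
$schannel = 'SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL'
$hklm     = [Microsoft.Win32.Registry]::LocalMachine

# Names such as "RC4 40/128" contain "/", which the PowerShell registry
# provider treats as a path separator, so use the .NET registry API instead.
$ciphers = $hklm.OpenSubKey("$schannel\Ciphers", $write)
if ($null -eq $ciphers) { throw 'SCHANNEL\Ciphers key not found' }

foreach ($name in $ciphers.GetSubKeyNames()) {
    # Only the 40-bit and 56-bit entries ("40/*" and "56/*" in the name).
    if ($name -notmatch '\b(40|56)/') { continue }

    $key    = $ciphers.OpenSubKey($name, $write)
    $before = $key.GetValue('Enabled', $null)
    if ($write) {
        $key.SetValue('Enabled', 0, [Microsoft.Win32.RegistryValueKind]::DWord)
    }
    $after = $key.GetValue('Enabled', $null)
    $key.Close()

    if ($null -eq $before) { $before = '(not set)' }
    if ($null -eq $after)  { $after  = '(not set)' }
    'Cipher {0,-12} Enabled: {1} -> {2}' -f $name, $before, $after
}
$ciphers.Close()

# Report the two values that KB977377 creates; this script does not set them.
$root = $hklm.OpenSubKey($schannel)
foreach ($value in 'DisableRenegoOnClient', 'DisableRenegoOnServer') {
    $data = $root.GetValue($value, $null)
    if ($null -eq $data) { $data = '(not set)' }
    '{0} = {1}' -f $value, $data
}
$root.Close()
```

Run it once without `-Apply` to record the current state, then again with `-Apply` before the restart.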