SSLv2 being used with WebDav

My webdav connection through windows explorer has stopped working for some unknown reason.  Equipped with Wireshark I have found that Windows is requesting a SSLv2 connection to the server, and not a TLS connection.  The server responds with a TLSv1 Server Hello, but Windows will abandon the connection and try again with a SSLv2 request before bombing.  Other clients correctly use TLSv1 client hellos.

This I thought was odd as (a) it never used to happen, but more importantly, (b) SSLv2 should be disabled in Windows 8.  Checking HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Client shows DisabledByDefault is indeed set to 1.

I turned on schannel logging to see if anything interesting came up but it is far from verbose...

So two things:

  1. Can anybody else confirm this behaviour?
  2. Has anybody else suddenly found issues with webdav over ssl?
  3. Isn't this a bit of a major security bug in Windows given the issues surrounding SSLv2?

Any input would be he

June 2nd, 2013 6:28pm

Hi,

I also found that the key is set to 1 and SMBv2 should be disabled. Anyway, I record your feedback.

Thanks for using Windows 8.

Free Windows Admin Tool Kit Click here and download it now
June 5th, 2013 10:41am

Hello,

I am possibly experiencing the same issue on both Windows 8 and Windows 8.1. I started a thread: http://social.technet.microsoft.com/Forums/windows/en-US/4c8cc733-2a54-400e-a53a-e3f22614de9f/unable-to-map-webdav-over-ssl#4c8cc733-2a54-400e-a53a-e3f22614de9f, I am curious if you could help me out with disabling SSLv2?

Thanks.


Edit: After running Microsoft Network Monitor, I can, indeed, confirm this behavior.
  • Edited by Jan Hajek Wednesday, September 25, 2013 9:51 PM
September 25th, 2013 6:19pm
Windows 10 supports TLS 1.2 with SNI (server name indication) and most SSL related compatibility issues with webDAV should be solved: https://social.technet.microsoft.com/Forums/windows/en-US/9f202c46-1baf-4de1-8b7d-14ff6cdbcb72/windows-webdav-client-does-not-support-tls-12?forum=w7itpronetworking

You may also check your certificate installation on the webDAV server with:

https://www.ssllabs.com/ssltest/index.html

https://ssltools.websecurity.symantec.com/checker/views/certCheck.jsp

https://www.wormly.com/test_ssl
Free Windows Admin Tool Kit Click here and download it now
August 5th, 2015 4:59am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics