Hi all,
A customer of ours runs an L2TP VPN over Server 2008. They have had PCI compliance scans done for some time and have recently been failing due to weak Diffie-Hellman groups and weak encryption ciphers. I've used IIS Crypto and disabled all 3DES ciphers and anything less than 128-bit encryption. Not sure if disabling Diffie-Hellman altogether is a good idea?
Also, under Windows Firewall I've gone into IPsec and only allowed high-strength ciphers/DH groups.
Anyone else come across this?
Thanks