Vista x32 IE7 SSL Security Problem

Discussion in 'malware problems & news' started by Bathrone, Aug 18, 2007.

Thread Status:
Not open for further replies.
  1. Bathrone

    Bathrone, Registered Member (joined Feb 17, 2007; 8 posts)
    I'm on Vista x32 IE7, fully patched to current Windows Update and the two performance and reliability hotfixes. There are three specific problems:

    1. I can't establish a 256 bit AES SSL session.

    2. Advanced user preference settings for SSL3 and SSL2 being disabled are being re-enabled by something. Even if I disable them again, if I apply, close IE and wait a while, they will be re-enabled again if I check the advanced settings.

    3. I am getting strange recurring error and warning level events in the Windows system log about SSL.

    Details:

    Using Firefox alpha 7 I can easily go to https://www.fortify.net/sslcheck.html and see I'm running DHE-RSA-AES256-SHA. In my IE7 install, SSL negotiates AES128-SHA.

    I have no explanation as to how or why SSL3 and SSL2 are being enabled and overwriting user preference.

    The details of the system events are:

    E1. An error occured while using SSL configuration for socket address 192.168.1.2:6331. The error status code is contained within the returned data. ID: 15021 Source: HTTPEvent

    E2. An error occured while using SSL configuration for socket address 255.255.255.255:6331. The error status code is contained within the returned data. ID: 15021 Source: HTTPEvent

    W1. SSL Certificate Settings deleted for Port : 192.168.1.2:6331 . ID: 15300 Source: HTTPEvent

    W2. SSL Certificate Settings created by an admin process for Port : 192.168.1.2:6331 . ID: 15301 Source: HTTPEvent

    W3. SSL Certificate Settings deleted for Port : 255.255.255.255:6331 .ID: 15300 Source: HTTPEvent

    W4. SSL Certificate Settings created by an admin process for Port : 255.255.255.255:6331 .ID: 15301 Source: HTTPEvent

    W5. SSL Certificate Settings deleted for Port : 255.255.255.255:6331 .15300 Source: HTTPEvent

    W5. SSL Certificate Settings created by an admin process for Port : 255.255.255.255:6331 .ID: 15301 Source: HTTPEvent

    I do not know what so-called admin process is doing this. It occurs on each reboot on my system. The MS online event search facility provides no explanation of these events.

    My antimalware product reports no problems. The Kaspersky online scanner reports no problems. I have gone through the browser helper objects and found nothing unusual. I have also gone through my running processes and found nothing unusual. Same with startup processes.

    I am determined to get to the bottom of this problem and would greatly appreciate expert advice in helping to diagnose this further.
     