My webdav connection through windows explorer has stopped working for some unknown reason. Equipped with Wireshark I have found that Windows is requesting a SSLv2 connection to the server, and not a TLS connection. The server responds with a
TLSv1 Server Hello, but Windows will abandon the connection and try again with a SSLv2 request before bombing. Other clients correctly use TLSv1 client hellos.
This I thought was odd as (a) it never used to happen, but more importantly, (b) SSLv2 should be disabled in Windows 8. Checking HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Client shows DisabledByDefault is indeed set to 1.
I turned on schannel logging to see if anything interesting came up but it is far from verbose...
So two things:
- Can anybody else confirm this behaviour?
- Has anybody else suddenly found issues with webdav over ssl?
- Isn't this a bit of a major security bug in Windows given the issues surrounding SSLv2?
Any input would be he