I have a server keep warning me about event id 36874, source Schannel: An SSL connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed. This happens once every day at almost same time.
I used SSLSCAN to check the cipher suite on my server and found that "IDEA-CBC-MD5" failed. I am guessing that there is a client trying to use SSL (IDEA-CBC-MD5) talk to my server, but as my server do support this cipher, it failed.
The thing is, my server(win2003 with .net2.0) is a web server with tons of request. I don't know if there is a way to find out who is sending that request with (IDEA-CBC-MD5) or why it using this cipher?
Best Answer
Don't worry about it.
Every browser this side of 1998 supports more secure ciphers, and certainly will match one that your server offers. The failure is extremely unlikely to be a real person with a browser, and is very likely from a connection that's probing your allowed cipher suites in the same way that you discovered that the cipher wasn't supported.
I'd recommend going a bit further, even, and disabling SSLv2. See here for details.