How to disable RC4 and 3DES on Windows Server?
RC4
To disable RC4 on your Windows server, set the following registry keys:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 128/128]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 40/128]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 56/128]
"Enabled"=dword:00000000
3DES
To disable 3DES on your Windows server, set the following registry key:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\Triple DES 168]
"Enabled"=dword:00000000

If your Windows version is older than Windows Vista (i.e. XP, 2003), you will need to set the following registry key:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\Triple DES 168/168]
"Enabled"=dword:00000000
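The RC4 and 3DES keys above can be audited and set from an elevated PowerShell session. This script is an added example, not part of the original page; the -Apply switch and the function names are assumptions made for illustration. It goes through the .NET registry API because the PowerShell registry provider treats the "/" in a name such as "RC4 128/128" as a path separator.

```powershell
# Added example: audit (default) or disable (-Apply) the SCHANNEL ciphers named on this page.
param([switch]$Apply)   # hypothetical switch: without it the script only reports

$base = 'SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers'
$ciphers = @(
    'RC4 128/128',
    'RC4 40/128',
    'RC4 56/128',
    'Triple DES 168',
    'Triple DES 168/168'   # key name the page gives for pre-Vista systems (XP, 2003)
)

function Get-CipherState {
    param([string]$Name)
    # OpenSubKey takes a backslash-separated path, so "/" stays part of the key name.
    $key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey("$base\$Name")
    if ($null -eq $key) { return 'not set' }
    try {
        $value = $key.GetValue('Enabled', $null)
        if ($null -eq $value) { return 'not set' }
        if ($value -eq 0)     { return 'disabled' }
        return 'enabled'
    } finally {
        $key.Close()
    }
}

function Disable-Cipher {
    param([string]$Name)
    # CreateSubKey opens the key for writing, creating it if it does not exist.
    $key = [Microsoft.Win32.Registry]::LocalMachine.CreateSubKey("$base\$Name")
    try {
        $key.SetValue('Enabled', 0, [Microsoft.Win32.RegistryValueKind]::DWord)
    } finally {
        $key.Close()
    }
}

foreach ($name in $ciphers) {
    $before = Get-CipherState $name
    if ($Apply -and $before -ne 'disabled') { Disable-Cipher $name }
    # One row per cipher: state before the run and state after it.
    [pscustomobject]@{
        Cipher = $name
        Before = $before
        After  = Get-CipherState $name
    }
}
```

A state of "not set" means the Enabled value is absent, so the operating system default applies to that cipher.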
See also
- Configure an IIS8 server
- Configure an IIS7 server
- Configure an IIS6 server
- Sweet 32: attack targeting Triple DES (3DES)
- Enable/disable encryption algorithm in Windows
- RC4 vulnerability
- IIS Crypto: Tool developed by Nartac that allows you to customize protocol and cipher support on Windows.
Last edited on 10/01/2019 07:30:08