We help IT Professionals succeed at work.

How to restrict the use of certain cryptographic alogrithms and protocols in schannel.dll?

Westez
Westez asked
on
Windows Server 2003 Standard R2
I have the KB Articles 245030 and 187498.

I want to disable DES 56/56, RC4 40/128, etc. How is this done?

 The KB 245030 says to change the DWORD value for Enabled to 0x0.

When I navigate to HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\SECURITYPROVIDERS\SCHANNEL\CIPHERS\ DES 56/56 there is no "Enabled subkey".

I've created a new DWORD value and named it Enable and set it to 0.  Will this disable the Cipher DES 56/56?  
Comment
Watch Question

Commented:
Yes that will disable it. The Enabled Value does not exist because it is enabled by default. Creating the key and setting it to 0x0 disables the algorithm.

Author

Commented:
Thanks for the confirmation.