Ciphers - Schannel Questions

When I create a cipher I right-click on Ciphers in the registry and then select New Key and then type in the name of the cipher.  Do I then create a DWORD for that item and give it a value of 0 or 1, or does just adding the key automatically enable or disable a cipher?  I assume I am trying to turn off weak ciphers.

I am not clear on what is happening when I just add this to the registry without saying to enable or disable.

Here are the ones for Windows Server 2003 but not sure if I am enabling or disabling these?
RC2 128/128
RC4 128/128
Triple DES 168/168
kdschool Asked:

btan (Exec Consultant) Commented:
For Schannel config, I see the MS blog (ref KB 245030) will help:
http://blogs.technet.com/b/askds/archive/2011/05/04/speaking-in-ciphers-and-other-enigmatic-tongues.aspx

e.g.

SCHANNEL\Ciphers\RC4 128/128 subkey
RC4 128/128

This subkey refers to 128-bit RC4.

To allow this cipher algorithm, change the DWORD value data of the Enabled value to 0xffffffff. Or, change the DWORD value data to 0x0. If you do not configure the Enabled value, the default is enabled. This registry key does not apply to an exportable server that does not have an SGC certificate.

Disabling this algorithm effectively disallows the following:
SSL_RSA_WITH_RC4_128_MD5
SSL_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_RC4_128_MD5
TLS_RSA_WITH_RC4_128_SHA

Being secure is a good thing and depending on your environment, it may be necessary to restrict certain cryptographic algorithms from use. Just make sure you do your diligence about testing these settings.

How to disable PCT 1.0, SSL 2.0, SSL 3.0, or TLS 1.0 in Internet Information Services
http://support.microsoft.com/kb/187498

For recommended guidelines on SSL/TLS use, please see the SSL Labs "SSL/TLS Deployment Best Practices"; check section "2.3. Use Secure Cipher Suites" of the practice PDF:
https://community.qualys.com/blogs/securitylabs/2013/09/17/updated-ssltls-deployment-best-practices-deprecate-rc4
https://www.ssllabs.com/projects/best-practices/
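The behaviour described in the answer above (no `Enabled` value means the cipher stays enabled; `Enabled` = 0x0 disables it), as an added example that is not part of the original thread. It assumes the standard `HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers` location; the function names `Get-SchannelCipherState` and `Disable-SchannelCipher` are hypothetical.

```powershell
# Added example, not code from the thread. Run from an elevated PowerShell prompt.
# Assumed location of the Schannel cipher subkeys, relative to HKEY_LOCAL_MACHINE.
$CiphersPath = 'SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers'
# The three cipher subkey names listed in the question.
$Ciphers = 'RC2 128/128', 'RC4 128/128', 'Triple DES 168/168'

function Get-SchannelCipherState {
    param([string[]]$Name)
    $root = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey($CiphersPath)
    foreach ($n in $Name) {
        $sub = if ($root) { $root.OpenSubKey($n) } else { $null }
        $enabled = if ($sub) { $sub.GetValue('Enabled', $null) } else { $null }
        # A key without an Enabled value changes nothing: the default is enabled.
        $state = if ($null -eq $enabled) { 'Enabled (default, no Enabled value)' }
                 elseif ($enabled -eq 0) { 'Disabled' }
                 else { 'Enabled' }
        [pscustomobject]@{
            Cipher    = $n
            KeyExists = [bool]$sub
            Enabled   = if ($null -eq $enabled) { '(not set)' } else { '0x{0:x}' -f $enabled }
            Effective = $state
        }
        if ($sub) { $sub.Close() }
    }
    if ($root) { $root.Close() }
}

function Disable-SchannelCipher {
    param([string[]]$Name)
    $root = [Microsoft.Win32.Registry]::LocalMachine.CreateSubKey($CiphersPath)
    foreach ($n in $Name) {
        # Use the .NET API here: the PowerShell registry provider treats "/" as a
        # path separator, so New-Item on "...\RC4 128/128" would create a key
        # "RC4 128" with a child "128" instead of one key named "RC4 128/128".
        $sub = $root.CreateSubKey($n)
        $sub.SetValue('Enabled', 0, [Microsoft.Win32.RegistryValueKind]::DWord)
        $sub.Close()
    }
    $root.Close()
}

# Audit first; uncomment the second line to disable, then audit again.
Get-SchannelCipherState -Name $Ciphers | Format-Table -AutoSize
# Disable-SchannelCipher -Name $Ciphers
```
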
kdschool (Author) Commented:
Answered my question.  Thank you.