Cipers - Schannel Questions

When I create a cipher I right click on Ciphers in the registry and the select new key and then type in the name of the Cipher.  Do I then create a D Word for that item and give it a value of 0 or 1  or does just adding the key automatically enable or disable a cipher?  I assume I am trying to turn off weak ciphers

I am not clear on what is happening when I just add this to the registry without saying to enable or disable.

Here are the ones for Windows Server 2003 but not sure if I am enabling or disabling these?
RC2 128/128
RC4 128/128
Triple DES 168/168
Who is Participating?
btanConnect With a Mentor Exec ConsultantCommented:
Schannel config, I see the MS blog (ref kb 245030) will help


SCHANNEL\Ciphers\RC4 128/128 subkey
RC4 128/128

This subkey refers to 128-bit RC4.

To allow this cipher algorithm, change the DWORD value data of the Enabled value to 0xffffffff. Or, change the DWORD value data to 0x0. If you do not configure the Enabled value, the default is enabled. This registry key does not apply to an exportable server that does not have an SGC certificate.

Disabling this algorithm effectively disallows the following:

Being secure is a good thing and depending on your environment, it may be necessary to restrict certain cryptographic algorithms from use. Just make sure you do your diligence about testing these settings.

How to disable PCT 1.0, SSL 2.0, SSL 3.0, or TLS 1.0 in Internet Information Services

For recommendation of guidelines to SSL/TLS uses pls see SSL Lab "SSL/TLS Deployment Best Practices" - check the section "2.3. Use Secure Cipher Suites" of the practice PDF
kdschoolAuthor Commented:
Answered my question.  Thank you.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.