Disabling RC4 Cipher On Windows Server 2008 Service Pack 2

Hello Experts,
Vulnerability with regards to our OWA web site using RC4 cipher algorithms in SSL cipher suites has been identified.  I have been reading on how to remediate this issue and I’m thinking that disabling RC4 is the way to go.  Our Exchange server is running Windows Server 2008 with service pack 2.  We are running Exchange 2007.  I have been reading on how to disable the RC4 cipher algorithms and everything I have read states I need to modify the following registry keys:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 128/128]
"Enabled"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 40/128]
"Enabled"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 56/128]
"Enabled"=dword:00000000
The problem I’m running into is these registry keys do not exist.  Should I create the following subkeys and dword values within each sub-key?
Sub-keys:
RC4 128/128
RC4 40/128
RC4 56/128.

Dword Values:
“Enabled”=dword:00000000

Any clarification will be greatly appreciated.

Nick
LVL 1
ndalmolin_13Asked:
Who is Participating?
 
David Paris VicenteSystems and Comunications  Administrator Commented:
Hi ndalmolin_13,

This case is similar to one that I answered in the past for other protocols but it was to 2003, you can check it here

In your case if you don´t have that Keys you should create them and run the security test again to check if anything else is reported regarding the RC4 in SSL,
of course before doing any change to the registry you should backup

I hope it helps.

Regards
0
 
ndalmolin_13Author Commented:
Thanks for the info
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.