<div>
Hi Gary,<br />
<br />
A few weeks ago I helped another user with a similar problem <a href="https://www.experts-exchange.com/questions/28550582/Disabling-RC4-Cipher-On-Windows-Server-2008-Service-Pack-2.html" rel="ugc">here</a> is the link, in this post I point to another link with several steps to solved a similar problem, please also check <a href="https://www.experts-exchange.com/questions/28486547/How-would-I-disable-PCT-1-0-SSL-2-0-SSL-3-0-or-TLS-1-0-in-Internet-Information-Services.html" rel="ugc">here</a><br />
I hope it could help you solve your issues.<br />
<br />
Regards
</div>


Hi Gary,

A few weeks ago I helped another user with a similar problem here [https://www.experts-exchange.com/questions/28550582/Disabling-RC4-Cipher-On-Windows-Server-2008-Service-Pack-2.html] is the link, in this post I point to another link with several steps to solved a similar problem, please also check here [https://www.experts-exchange.com/questions/28486547/How-would-I-disable-PCT-1-0-SSL-2-0-SSL-3-0-or-TLS-1-0-in-Internet-Information-Services.html]
I hope it could help you solve your issues.

Regards

<div>
Thanks David,<br />
<br />
I know how to disable the ciphers however I'm unsure of the naming conversion for the registry keys. I ran the tool you suggested 'SSLSmart' would the key's just be named the same as the cipher name. See screen.<br />
<br />
<a href="https://filedb.experts-exchange.com/incoming/2014/11_w47/884016/ssl.PNG" target="_blank" title="SSL Scan result (12 KB)"><img alt="SSL Scan result" class="file-block lazyload" style="max-width: 728px;" data-src="https://filedb.experts-exchange.com/incoming/2014/11_w47/884016/ssl.PNG" /></a>
</div>


Thanks David,

I know how to disable the ciphers however I'm unsure of the naming conversion for the registry keys. I ran the tool you suggested 'SSLSmart' would the key's just be named the same as the cipher name. See screen.

SSL Scan resulthttps://filedb.experts-exchange.com/incoming/2014/11_w47/884016/ssl.PNG

ssl.PNG

<div>
<div class="content wysiwyg-content">
Hi All,<br />
<br />
I need to disable the below ciphers. <br />
<br />
TLSv1<br />
&nbsp; &nbsp; &nbsp; EXP-EDH-RSA-DES-CBC-SHA &nbsp; &nbsp; &nbsp;Kx=DH(512) &nbsp; &nbsp; Au=RSA &nbsp; &nbsp; &nbsp;Enc=DES-CBC(40) &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;Mac=SHA1 &nbsp; export &nbsp; &nbsp; <br />
&nbsp; &nbsp; &nbsp; EXP-DES-CBC-SHA &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;Kx=RSA(512) &nbsp; &nbsp;Au=RSA &nbsp; &nbsp; &nbsp;Enc=DES-CBC(40) &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;Mac=SHA1 &nbsp; export &nbsp; &nbsp; <br />
&nbsp; &nbsp; &nbsp; EXP-RC4-MD5 &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;Kx=RSA(512) &nbsp; &nbsp;Au=RSA &nbsp; &nbsp; &nbsp;Enc=RC4(40) &nbsp;<br />
<br />
I know this should be done from the registry here: HKey_Local_Machine\System\<wbr />CurrentCon<wbr />trolSet\Co<wbr />ntrol\Secu<wbr />rityProvid<wbr />ers\SCHANN<wbr />EL\Ciphers<wbr />\xxxxx<br />
<br />
However I'm not sure what the registry keys should be named to for the above ciphers, could someone help me with this?<br />
<br />
Thanks you!
</div>
</div>


Hi All,

I need to disable the below ciphers. 

TLSv1
      EXP-EDH-RSA-DES-CBC-SHA      Kx=DH(512)     Au=RSA      Enc=DES-CBC(40)          Mac=SHA1   export     
      EXP-DES-CBC-SHA              Kx=RSA(512)    Au=RSA      Enc=DES-CBC(40)          Mac=SHA1   export     
      EXP-RC4-MD5                  Kx=RSA(512)    Au=RSA      Enc=RC4(40)  

I know this should be done from the registry here: HKey_Local_Machine\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\xxxxx

However I'm not sure what the registry keys should be named to for the above ciphers, could someone help me with this?

Thanks you!

TLS ciphers - how to disable in Windows Registry

A vulnerability is a weakness which allows an attacker to reduce a system's information assurance. Vulnerability is the intersection of three elements: a system susceptibility or flaw, attacker access to the flaw, and attacker capability to exploit the flaw. To exploit a vulnerability, an attacker must have at least one applicable tool or technique that can connect to a system weakness, known as the attack surface. Vulnerability management is the cyclical practice of identifying, classifying, remediating, and mitigating vulnerabilities. Other vulnerabilities include security risks, security defects and constructs in programming languages that are difficult to use properly.

Vulnerabilities

Encryption is the process of encoding messages or information in such a way that only authorized parties can read it. In an encryption scheme, the intended communication information or message, referred to as plaintext, is encrypted using an encryption algorithm, generating ciphertext that can only be read if decrypted. For technical reasons, an encryption scheme usually uses a pseudo-random encryption key generated by an algorithm. An authorized recipient can easily decrypt the message with the key provided by the originator to recipients, but not to unauthorized interceptors.

Encryption

Operating system security (OS security) is the process of ensuring OS integrity, confidentiality and availability. OS security refers to specified steps or measures used to protect the OS from threats, viruses, worms, malware or remote hacker intrusions. OS security encompasses all preventive-control techniques, which safeguard any computer assets capable of being stolen, edited or deleted if OS security is compromised, including authentication, passwords and threats to systems and programs.