Disable weak encryption on web server IIS

Hello Team,

I have a web server that has been reported to have weak TLSv1 ciphers:
o      EXP-RC2-CBC-MD5 Kx=RSA(512) Au=RSA Enc=RC2-CBC(40) Mac=MD5 export
o      EXP-RC4-MD5 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export
o      EXP1024-DES-CBC-SHA Kx=RSA(1024) Au=RSA Enc=DES-CBC(56) Mac=SHA1 export
o      EXP1024-RC4-SHA Kx=RSA(1024) Au=RSA Enc=RC4(56) Mac=SHA1 export

How can I disable this type of encryption?

Thank you.
LVL 2
exTechnologyAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Sir LearnalotCommented:
There is an official Microsoft article on this. Here you go :)

https://support.microsoft.com/kb/187498
0
FrankCrastCo-founder and CEOCommented:
Hello, I just posted something to similar question posted previously. Feel free to use links below in addition to link above. Also KB article below (245030) has some good support on how to change your cipher order to remove older ciphers and also add more secure ones in priority order. You may also consider adding ECDHE ciphers for Perfect Forward Secrecy (if your systems support it) on the very top, followed by RC4, AES, etc. Google has a good write-up on this as well. Make sure to remove older (weak) ciphers you seem to have listed like RC2, MD5, DES.

First, make sure to disable SSL v3 in addition to v2 protocols. Check out articles below that can help with steps needed to enable TLS 1.0, 1.1, and 1.2 as well.

Mitigating SSL v3: https://technet.microsoft.com/en-us/library/security/3009008.aspx

Details for adding support for TLS 1.0/1.1/1.2 and cipher ordering: How to restrict the use of certain cryptographic algorithms and protocols in Schannel.dll: http://support.microsoft.com/kb/245030 

Poodle attack (due to SSL vulnerability): http://www.scmagazine.com/mitm-attacks-can-force-a-downgrade-to-ssl-30/article/377513/

Hope this helps.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Giovanni HewardCommented:
Download the latest version of IIS Crypto to make the necessary changes easier.

IIS Crypto
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft IIS Web Server

From novice to tech pro — start learning today.