PCI compliance failure - SSL RC4 Cipher Suites Supported msrdp (3389/tcp) CVE-2013-2566, CVE-2015-2808

Please give us your valuable inputs in solving the below vulnerabilities as this has failed our PCI compliance test.

1. SSL RC4 Cipher Suites Supported msrdp (3389/tcp)
CVE-2013-2566, CVE-2015-2808

2. SSL RC4 Cipher Suites Supported www (443/tcp)
CVE-2013-2566, CVE-2015-2808

With gratitude,
Gracesoft
gracesoft Asked:

Mark Bill (Exchange, AD, SQL, VMware, HPE, 3PAR, FUD, Anti MS Tekhnet, Pro EE, #1) Commented:
You need to patch the public-facing server for RC4 and add registry keys. Instructions below.
Mark Bill (Exchange, AD, SQL, VMware, HPE, 3PAR, FUD, Anti MS Tekhnet, Pro EE, #1) Commented:
-      Take backups!
-      Patch KB2871997 is currently installed on the live webserver. (Please note that there are patches nowadays that supersede (replace) this patch.)
-      Make the below registry changes.
-      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 128/128] "Enabled"=dword:00000000
-      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 40/128] "Enabled"=dword:00000000
-      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 56/128] "Enabled"=dword:00000000
-      Connectivity tests local and remote.

You need to create the above regkeys and the dword inside each reg key. Then you will pass an RC4 SSL test.
Mark Bill (Exchange, AD, SQL, VMware, HPE, 3PAR, FUD, Anti MS Tekhnet, Pro EE, #1) Commented:
If you're still failing in regards to RDP, you should really consider having RDP disabled, tbh, in a PCI environment.

David Johnson, CD, MVP (Owner) Commented:
A great tool to set your crypto suites:
https://www.nartac.com/Products/IISCrypto/
Don't forget that a reboot is required

gracesoft (Author) Commented:
Mr. David,
Thank you for the info on that tool. It is very helpful.
gracesoft (Author) Commented:
Dear Mr. Mark Bill,
But in that registry I do not have any key in the Cipher folder. What is the solution then, please?

Gracesoft
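
The registry changes listed in Mark Bill's answer, for the case raised in the last comment where the RC4 keys do not exist yet under Ciphers, as an added PowerShell example that is not part of the original thread. The function names are hypothetical; the key names and the Enabled value are the ones given in the answer.

```powershell
# Added example, not from the thread. Run in an elevated PowerShell session,
# after taking a registry backup as the answer advises.
$ciphersPath = 'SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers'
$rc4Names    = 'RC4 128/128', 'RC4 40/128', 'RC4 56/128'   # key names from the answer

function Disable-SchannelRc4 {
    # The key names contain "/", which the PowerShell registry provider treats
    # as a path separator, so New-Item would create a nested "RC4 128\128" key
    # that SCHANNEL ignores. The .NET RegistryKey API takes the name literally.
    $ciphers = [Microsoft.Win32.Registry]::LocalMachine.CreateSubKey($ciphersPath)
    try {
        foreach ($name in $rc4Names) {
            # CreateSubKey opens the key if present, otherwise creates it.
            $key = $ciphers.CreateSubKey($name)
            try {
                $key.SetValue('Enabled', 0, [Microsoft.Win32.RegistryValueKind]::DWord)
            } finally { $key.Close() }
        }
    } finally { $ciphers.Close() }
}

function Get-SchannelRc4State {
    # Read-only check: reports each RC4 key and whether Enabled is set to 0.
    $ciphers = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey($ciphersPath)
    foreach ($name in $rc4Names) {
        $key   = if ($ciphers) { $ciphers.OpenSubKey($name) } else { $null }
        $value = if ($key) { $key.GetValue('Enabled') } else { $null }
        [pscustomobject]@{
            Cipher   = $name
            Enabled  = $value            # empty means the key or value is missing
            Disabled = ($value -eq 0)
        }
        if ($key) { $key.Close() }
    }
    if ($ciphers) { $ciphers.Close() }
}

Disable-SchannelRc4
Get-SchannelRc4State | Format-Table -AutoSize
```

As noted in the thread, reboot before running the connectivity tests and repeating the scan.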