BBrayton
asked on
How to disable RC4 ciphers on a SBS2011 server.
I did some research on disabling the ciphers from one of the Microsoft websites.
The RC4 cipher can be completely disabled on Windows platforms by setting the "Enabled" (REG_DWORD) entry to value 00000000 in the following registry locations:
HKEY_LOCAL_MACHINE\SYSTEM\ CurrentCon trolSet\Co ntrol\Secu rityProvid ers\SCHANN EL\Ciphers \RC4 128/128
HKEY_LOCAL_MACHINE\SYSTEM\ CurrentCon trolSet\Co ntrol\Secu rityProvid ers\SCHANN EL\Ciphers \RC4 40/128
HKEY_LOCAL_MACHINE\SYSTEM\ CurrentCon trolSet\Co ntrol\Secu rityProvid ers\SCHANN EL\Ciphers \RC4 56/128
I made these changes and installed update
https://support.microsoft.com/en-us/kb/2868725
I restarted the server after these changes.
our customer needs to be PCI compliant. When i run the scan to test if still fails on RC4 CIpher
is there something that I am missing?
The RC4 cipher can be completely disabled on Windows platforms by setting the "Enabled" (REG_DWORD) entry to value 00000000 in the following registry locations:
HKEY_LOCAL_MACHINE\SYSTEM\
HKEY_LOCAL_MACHINE\SYSTEM\
HKEY_LOCAL_MACHINE\SYSTEM\
I made these changes and installed update
https://support.microsoft.com/en-us/kb/2868725
I restarted the server after these changes.
our customer needs to be PCI compliant. When i run the scan to test if still fails on RC4 CIpher
is there something that I am missing?
Do you have a spam appliance or gateway such as a barracuda or watchguard acting as an SMTP proxy?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Did some research and found this tool that worked for me at disabling Ciphers.
https://www.nartac.com/Products/IISCrypto
https://www.nartac.com/Products/IISCrypto