jdff
Need to disable SSL Cipher
My PCI scan has failed and it is asking me to address the 2 issues below, can someone here help me with the case? I'm running Windows 2008 R2.
SSL Medium Strength Cipher Suites Supported
SSL 64-bit Block Size Cipher Suites Supported (SWEET32)
Also to add: if changing protocols you will need to reboot the machines; otherwise, just changing ciphers does not need a reboot.
On bran's comment: restarting the service PCI reported as having an issue should be enough to implement the registry change for cipher/protocol.
But there are circumstances as bran noted where a reboot would be required to have the changes applied.
ASKER
worked good.
https://support.microsoft.com/en-us/help/187498/how-to-disable-pct-1.0,-ssl-2.0,-ssl-3.0,-or-tls-1.0-in-internet-information-services
To disable individual ciphers, navigate to schannel, but instead of the protocols, reference the ciphers key therein.
RC4 disable as reference:
https://support.microsoft.com/en-us/help/2868725/microsoft-security-advisory-update-for-disabling-rc4
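
The registry change described above, as an added example that is not part of the original thread: a PowerShell script that reports the state of the relevant SCHANNEL cipher keys and, with `-Apply`, sets `Enabled` to 0. The cipher list is an assumption (Triple DES for the SWEET32 finding, plus the RC4 key names from the linked advisory); adjust it to what your scan report names.

```powershell
# Added example (not from the thread). Run from an elevated 64-bit PowerShell.
param([switch]$Apply)   # without -Apply the script only reports current state

$base = 'SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers'

# Assumed list: Triple DES is the 64-bit block cipher behind the SWEET32
# finding; the RC4 names are those used in Microsoft advisory 2868725.
$ciphers = 'Triple DES 168', 'RC4 128/128', 'RC4 56/128', 'RC4 40/128'

# Cipher names contain "/", which the PowerShell registry provider treats as a
# path separator, so use the .NET registry API instead of New-Item.
$hklm = [Microsoft.Win32.Registry]::LocalMachine

foreach ($name in $ciphers) {
    $path = "$base\$name"

    # Read the current value; the key may not exist on a default install.
    $current = $null
    $key = $hklm.OpenSubKey($path)
    if ($key) {
        $current = $key.GetValue('Enabled')
        $key.Close()
    }

    if ($current -eq $null) { $state = 'not set (OS default)' }
    elseif ($current -eq 0) { $state = 'disabled' }
    else                    { $state = 'enabled' }

    # Write Enabled=0 (DWORD) only when asked to and not already disabled.
    if ($Apply -and $current -ne 0) {
        $w = $hklm.CreateSubKey($path)
        $w.SetValue('Enabled', 0, [Microsoft.Win32.RegistryValueKind]::DWord)
        $w.Close()
        $state = "$state -> disabled"
    }

    New-Object PSObject -Property @{ Cipher = $name; State = $state }
}
```

Run it once without `-Apply` to record the starting state, then with `-Apply`, and rescan after restarting the affected service or rebooting as discussed in the comments above.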