jdff

asked on

Need to disable SSL Cipher

My PCI scan has failed and it is asking me to address the 2 issues below. Can someone here help me with the case? I'm running Windows 2008 R2.

SSL Medium Strength Cipher Suites Supported
SSL 64-bit Block Size Cipher Suites Supported (SWEET32)
ASKER CERTIFIED SOLUTION
Scott Silva
This solution is only available to members.
Here is the link to the MS support registry editing guide that handles disabling the protocol:
https://support.microsoft.com/en-us/help/187498/how-to-disable-pct-1.0,-ssl-2.0,-ssl-3.0,-or-tls-1.0-in-internet-information-services
To disable individual ciphers, navigate to SCHANNEL, but instead of the Protocols key, reference the Ciphers key therein.
RC4 disable as a reference:
https://support.microsoft.com/en-us/help/2868725/microsoft-security-advisory-update-for-disabling-rc4
btan

Also, to add: if changing the protocol you will need to reboot the machines; otherwise, just changing ciphers does not need a reboot.
On bran's comment, restarting the service PCI reported as having an issue should be enough to implement the registry change for cipher/protocol.
But there are circumstances as bran noted where a reboot would be required to have the changes applied.
jdff

ASKER

Worked good.
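The Ciphers-key change described in the replies above, as an added PowerShell example that is not part of the original thread: it reports the current state of the 64-bit block ciphers behind the SWEET32 finding and then sets `Enabled` to 0 for each. The subkey names are Microsoft's documented SCHANNEL cipher names, which the thread does not list, so treat them as an assumption; the function names are hypothetical.

```powershell
# Added example, written for PowerShell 2.0 (Windows 2008 R2). Run elevated.
# Subkey names are Microsoft's documented SCHANNEL names (assumption, not from the thread).
$ciphersPath = 'SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers'

# Ciphers with a 64-bit block, the subject of the SWEET32 finding.
# RC4 subkeys from the linked RC4 advisory can be appended to this list.
$weakCiphers = @('Triple DES 168', 'DES 56/56',
                 'RC2 40/128', 'RC2 56/128', 'RC2 128/128')

function Get-SchannelCipherState {
    param([string[]]$Name)
    $root = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey($ciphersPath)
    foreach ($n in $Name) {
        $value = $null
        if ($root) {
            $key = $root.OpenSubKey($n)
            if ($key) { $value = $key.GetValue('Enabled'); $key.Close() }
        }
        # No Enabled value means the operating system default applies.
        if ($null -eq $value) { $state = 'OS default (no Enabled value)' }
        elseif ($value -eq 0) { $state = 'Disabled' }
        else                  { $state = 'Enabled' }
        New-Object PSObject -Property @{ Cipher = $n; State = $state }
    }
    if ($root) { $root.Close() }
}

function Disable-SchannelCipher {
    param([string[]]$Name)
    # The .NET registry API is used because several key names contain '/',
    # which the PowerShell registry provider would treat as a path separator.
    $root = [Microsoft.Win32.Registry]::LocalMachine.CreateSubKey($ciphersPath)
    foreach ($n in $Name) {
        $key = $root.CreateSubKey($n)   # opens the key, or creates it if absent
        $key.SetValue('Enabled', 0, [Microsoft.Win32.RegistryValueKind]::DWord)
        $key.Close()
    }
    $root.Close()
}

'Before:'; Get-SchannelCipherState -Name $weakCiphers | Format-Table Cipher, State -AutoSize
Disable-SchannelCipher -Name $weakCiphers
'After:';  Get-SchannelCipherState -Name $weakCiphers | Format-Table Cipher, State -AutoSize
```

As the replies above note, the change only takes effect once the affected service is restarted or the machine is rebooted; rerun the scan after that to confirm both findings are cleared.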