klsphotos

How to fix "SSL Medium Strength Cipher Suites Supported" error

Hi Experts,

We have this error in a Necus report on a 2016 virtual server:

"SSL Medium Strength Cipher Suites Supported"

I've gone here:

https://stackoverflow.com/questions/4886346/how-to-fix-ssl-medium-strength-cipher-suites-supported-in-iis-6-0

and to several other sites telling me to do almost the same thing.

The problem is, we do not have the path in any of these solutions in our registry.  There is no schannel or Security Providers.

Is that the issue?  :)

Please help, we have to resolve this error and get a clean report and I don't want to make any changes to the registry or add until I am sure that is what is needed for this.

Thank you,

Karen
Adam Brown
https://www.nartac.com/Products/IISCrypto/ has a good tool that will help you to remove weaker encryption cipher suites from Windows Server. It will add the appropriate registry keys and values as needed. In answer to your question, yes, you would need to add the keys and values manually if they aren't there.
btan

I am assuming it is Nessus findings
- Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

iiscrypto is useful for Windows check and setting. Note these registry keys do not exist by default; you may have to create them.

Look at the port that vulnerability is appearing on; find out what program is listening on that port. There are often specific fixes (or no available fix) for specific programs. The registry key above will only resolve the issue if the impacted service is using the Windows SCHANNEL encryption libraries/settings.

If you are running Apache:
https://www.sslshopper.com/article-how-to-disable-weak-ciphers-and-ssl-2.0-in-apache.html
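
As an added example (not part of the thread and not any poster's code), here are the steps described above in PowerShell for Windows Server 2016: identify the listener on the reported port, list the enabled 3DES suites, and preview creating the SCHANNEL key when it does not exist. Port 443 and the function name `Disable-SchannelTripleDes` are assumptions, as is the premise that the finding comes from a 3DES suite.

```powershell
#Requires -RunAsAdministrator
# Assumed value: replace with the port shown in the Nessus finding.
$Port = 443

# 1. Find the process listening on the reported port. The SCHANNEL setting below
#    only helps if that service uses the Windows SCHANNEL library.
Get-NetTCPConnection -LocalPort $Port -State Listen -ErrorAction SilentlyContinue |
    ForEach-Object { Get-Process -Id $_.OwningProcess } |
    Select-Object -Unique Id, ProcessName, Path

# 2. Audit only: list enabled cipher suites that use 3DES.
Get-TlsCipherSuite |
    Where-Object Name -like '*3DES*' |
    Select-Object Name, Cipher, CipherLength

# 3. Disable 3DES for SCHANNEL. The parent key is "SecurityProviders" (no space)
#    under Control; the "Triple DES 168" subkey is absent by default.
function Disable-SchannelTripleDes {   # hypothetical helper name
    [CmdletBinding(SupportsShouldProcess)]
    param()
    $ciphers = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers'
    $key     = Join-Path $ciphers 'Triple DES 168'

    # Create the subkey (and any missing parents) only if it is not there yet.
    if (-not (Test-Path $key)) {
        if ($PSCmdlet.ShouldProcess($key, 'Create registry key')) {
            New-Item -Path $key -Force | Out-Null
        }
    }
    # Enabled = 0 (DWORD) tells SCHANNEL not to offer or accept this cipher.
    if ($PSCmdlet.ShouldProcess("$key\Enabled", 'Set DWORD value to 0')) {
        New-ItemProperty -Path $key -Name 'Enabled' -PropertyType DWord -Value 0 -Force |
            Out-Null
    }
}

# Preview the registry changes without writing anything.
Disable-SchannelTripleDes -WhatIf
```

Run the function without `-WhatIf` to apply the change, then rescan the port to confirm the finding is gone.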
klsphotos

ASKER

Hello, thank you everyone for this and your responses. I tried the program suggested and while it works wonderfully on some of our servers, it's not compatible with this 2016 Azure server, so I am unable to use this program.

Any other suggestions?