How do I disable outdated and vulnerable ciphers on Windows Server without affecting RDP and Plesk access?

Asked by mike99c
Tags: Windows Server 2016, Plesk, ciphers, AWS, PCI compliance

I have a Windows Server 2016 hosted on AWS EC2 using Plesk Onyx as a hosting control panel. It is a shared server and hosts multiple websites.

We have a requirement for one of our shared hosting clients to make their website and therefore our server PCI compliant in order to host a credit card payment page. One of the requirements is to disable the following outdated or vulnerable ciphers:

TLS_RSA_WITH_AES_256_GCM_SHA384 (0x9d)
TLS_RSA_WITH_AES_128_GCM_SHA256 (0x9c)
TLS_RSA_WITH_AES_256_CBC_SHA256 (0x3d)
TLS_RSA_WITH_AES_128_CBC_SHA256 (0x3c)
TLS_RSA_WITH_AES_256_CBC_SHA (0x35)
TLS_RSA_WITH_AES_128_CBC_SHA (0x2f)
TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa)

It is also a requirement to disable TLS 1.1.

However, I have the following concerns if the above changes are applied:

1. Disabling 3DES will create an issue accessing my server via remote desktop (RDP).
2. Disabling TLS 1.1 will break the Plesk (latest version) Admin interface.
3. Disabling the ciphers and TLS 1.1 will cause issues for visitors using Windows XP or outdated browsers.

I'm not too concerned about the last issue but am very concerned about not being able to access RDP and Plesk. Indeed, applying these changes will likely lock me out of my server completely, which can only be resolved through direct physical server access.

Is anyone aware of a workaround to resolve these issues? If need be, we will consider a dedicated server just to satisfy our PCI compliant websites.
ASKER CERTIFIED SOLUTION
serialband