How to Disable Weak SSL Ciphers

A network is only as secure as its server.

Microsoft Internet Information Server, or IIS, uses a secure HTTP connection for remote access to the server. When a secure connection is used, the server attempts to communicate in three different protocols: it first tries PCT 1.0, then SSL 3.0 and SSL 2.0. The problem is that PCT 1.0 uses weak ciphers (encryption algorithms), which makes it an immediate security risk, so it needs to be disabled. SSL 3.0 can be forced through the server's registry by importing a settings file called a .REG file.

Instructions

  1. Back up the Windows Registry

    • 1

      Turn on your server and log in. Press "WIN" and "R" at the same time. "WIN" is the Windows logo key located next to the "Ctrl" key.

    • 2

      Type "regedit" into the Run dialog box and press "Enter." Click on the "+" to the left of the "HKEY_LOCAL_MACHINE" item and expand each folder in the left pane to the following path: "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL."

    • 3

      Highlight the SCHANNEL folder in the left pane. Select "File" from the menu bar and click "Export." Save the registry file to somewhere secure, such as the system drive.

  2. Disable the Weak SSL Ciphers

    • 4

      Open the folder where you saved the .REG file. Right-click the .REG file and select "Edit." Highlight everything and press the "Delete" key.

    • 5

      Copy and paste the following into the .REG file:

      Windows Registry Editor Version 5.00

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\DES 56/56]
      "Enabled"=dword:00000000

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\NULL]
      "Enabled"=dword:00000000

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC2 40/128]
      "Enabled"=dword:00000000

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC2 56/128]
      "Enabled"=dword:00000000

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 40/128]
      "Enabled"=dword:00000000

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 56/128]
      "Enabled"=dword:00000000

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 64/128]
      "Enabled"=dword:00000000

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\PCT 1.0\Server]
      "Enabled"=dword:00000000

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server]
      "Enabled"=dword:00000000

    • 6

      Click on "File" and select "Save As." Name the file "Disable Ciphers.REG" and save it in the same folder as the original .REG file.

    • 7

      Open the folder the .REG files are saved in and double-click the Disable Ciphers.REG file. Confirm the registry addition box by selecting "Yes."

    • 8

      Confirm that everything still functions properly. Log out if the server is running properly. Use the original .REG file to restore the old registry settings if disabling the ciphers causes other issues.
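
A read-only check to go with step 8, added here as an example and not part of the original instructions: it reads every key listed in the step 5 file and reports whether "Enabled" is 0. The function name Get-SchannelState is an assumption of this example, and the check covers registry state only, not what the server negotiates with clients.

```powershell
# Added example: read-only audit of the values set by "Disable Ciphers.REG".
# The .NET registry API is used instead of Get-ItemProperty because the
# PowerShell registry provider treats the "/" in key names such as
# "DES 56/56" as a path separator.

$base = 'SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL'

# Subkeys copied from the .REG file in step 5.
$subKeys = @(
    'Ciphers\DES 56/56',
    'Ciphers\NULL',
    'Ciphers\RC2 40/128',
    'Ciphers\RC2 56/128',
    'Ciphers\RC4 40/128',
    'Ciphers\RC4 56/128',
    'Ciphers\RC4 64/128',
    'Protocols\PCT 1.0\Server',
    'Protocols\SSL 2.0\Server'
)

function Get-SchannelState {
    param([string]$SubKey)

    # OpenSubKey returns $null when the key does not exist; it opens read-only.
    $key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey("$base\$SubKey")
    if ($null -eq $key) {
        $state = 'KeyMissing'
    } else {
        try     { $value = $key.GetValue('Enabled') }   # $null if value absent
        finally { $key.Close() }

        if     ($null -eq $value) { $state = 'ValueMissing' }
        elseif ($value -eq 0)     { $state = 'Disabled' }
        else                      { $state = 'Enabled' }
    }
    New-Object PSObject -Property @{ SubKey = $SubKey; State = $state }
}

$results = $subKeys | ForEach-Object { Get-SchannelState -SubKey $_ }
$results | Select-Object SubKey, State | Format-Table -AutoSize

# Anything other than 'Disabled' means the import did not fully apply.
$notDisabled = @($results | Where-Object { $_.State -ne 'Disabled' })
if ($notDisabled.Count -gt 0) {
    Write-Warning "$($notDisabled.Count) of $($subKeys.Count) entries are not explicitly disabled."
}
```

Run it from an elevated PowerShell prompt on the server after importing the file; a "KeyMissing" or "ValueMissing" row means that entry was never written.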

Tips & Warnings

  • Always perform a backup of the registry before editing it.

  • Do not deviate from the registry settings provided, or your system may be damaged.
