none
windows server 2019 - Enable RC4128/128 Cipher suit RRS feed

  • Question

  • I have tried to enable RC4 128 / 128 cipher on Windows 2019.

    But it refuses to accept it, without RC4 the server is subject to POODLE attacks.
    I really wish I didn't need SSL3 with RC4 support, but unfortunately there is a company out there that doesn't take security seriously so we have to lower our security to make it available for their product "Internet Explorer 6" which they never bothered to update for better security.

    Friday, November 15, 2019 12:29 PM

Answers

  • Hello,
    Thank you for posting in our TechNet forum.

    According to the article Managing SSL/TLS Protocols and Cipher Suites for AD FS

    We can use the following registry keys and their values to enable RC4. This cipher suite's registry keys are located here:

    Enable RC4
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 128/128] "Enabled"=dword:00000001
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 40/128] "Enabled"=dword:00000001
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 56/128] "Enabled"=dword:00000001

    Then resatrt the machine.



    Best Regards,
    Daisy Zhou

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Marked as answer by Mr _G Tuesday, November 19, 2019 7:45 AM
    Monday, November 18, 2019 6:40 AM
    Moderator

All replies

  • Hello,
    Thank you for posting in our TechNet forum.

    According to the article Managing SSL/TLS Protocols and Cipher Suites for AD FS

    We can use the following registry keys and their values to enable RC4. This cipher suite's registry keys are located here:

    Enable RC4
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 128/128] "Enabled"=dword:00000001
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 40/128] "Enabled"=dword:00000001
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 56/128] "Enabled"=dword:00000001

    Then resatrt the machine.



    Best Regards,
    Daisy Zhou

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Marked as answer by Mr _G Tuesday, November 19, 2019 7:45 AM
    Monday, November 18, 2019 6:40 AM
    Moderator
  • Apparently I needed more then one reboot for RC4 to kick in, all other cipher changes worked after first reboot.

    • Edited by Mr _G Tuesday, November 19, 2019 7:45 AM
    Tuesday, November 19, 2019 7:32 AM