Answered by:
windows server 2019 - Enable RC4128/128 Cipher suit

Question
-
I have tried to enable RC4 128 / 128 cipher on Windows 2019.
But it refuses to accept it, without RC4 the server is subject to POODLE attacks.
I really wish I didn't need SSL3 with RC4 support, but unfortunately there is a company out there that doesn't take security seriously so we have to lower our security to make it available for their product "Internet Explorer 6" which they never bothered to update for better security.
Answers
-
Hello,
Thank you for posting in our TechNet forum.
According to the article Managing SSL/TLS Protocols and Cipher Suites for AD FS
We can use the following registry keys and their values to enable RC4. This cipher suite's registry keys are located here:
Enable RC4
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 128/128] "Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 40/128] "Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 56/128] "Enabled"=dword:00000001
Then resatrt the machine.
Best Regards,
Daisy ZhouPlease remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.- Marked as answer by Mr _G Tuesday, November 19, 2019 7:45 AM
All replies
-
Hello,
Thank you for posting in our TechNet forum.
According to the article Managing SSL/TLS Protocols and Cipher Suites for AD FS
We can use the following registry keys and their values to enable RC4. This cipher suite's registry keys are located here:
Enable RC4
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 128/128] "Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 40/128] "Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 56/128] "Enabled"=dword:00000001
Then resatrt the machine.
Best Regards,
Daisy ZhouPlease remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.- Marked as answer by Mr _G Tuesday, November 19, 2019 7:45 AM
-