locked
Restricting weak ciphers in Windows 7 RRS feed

  • Question

  • We are having problems with PCI scans that show "the remote service supports the use of weak/anonymous/medium strength SSL ciphers", is there any way of disabling these in Windows 7?

    Monday, January 31, 2011 12:03 PM

Answers

  • Hi,

     

    Please try these steps to disable it in this article:

     

    http://www.ehow.com/how_7610518_disable-weak-ssl-ciphers.html

     

    Please Note: Since the website is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.

     

    Hope that helps.

     

    Regards,

    Leo   Huang


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    • Marked as answer by Leo Huang Monday, February 7, 2011 7:08 AM
    Wednesday, February 2, 2011 2:55 AM

All replies

  • Hi,

     

    Please try these steps to disable it in this article:

     

    http://www.ehow.com/how_7610518_disable-weak-ssl-ciphers.html

     

    Please Note: Since the website is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.

     

    Hope that helps.

     

    Regards,

    Leo   Huang


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    • Marked as answer by Leo Huang Monday, February 7, 2011 7:08 AM
    Wednesday, February 2, 2011 2:55 AM
  • That link currently gets you to "How to Disable Invalid SSL in Firefox".

    This issue is a difficult one with no clear answer.  There is a Network SSL cipher order Group Policy, but this GPO only allows 1024 bytes in the control and if the Windows 7 SP1 system is fully patched there are over 1300 bytes in the Windows 7 default string.

    In current times we want to remove support for  SSL 3.0 and TLS 1.0 (including all RC4 and MD5), essentially allowing TLS 1.1 and above.  And soon we will want to support strong ciphers only with TLS 1.2 and above.   This assumes that SSL 1.0 SSL 2.0 are already gone.  And we still want our computers to authenticate to our 2012 R3 Domain controllers.

    Saturday, November 5, 2016 10:37 AM