locked
Disable Weak Cipher SSL key RRS feed

  • Question

  • Regarding the issue weak SSL cipher support in the KB http://support.microsoft.com/kb/245030 , the problem are

     

        1.I can not find some registry such as SCHANNEL\Ciphers\RC2 56/128 and SCHANNEL\Ciphers\RC4 64/128 at that server. Do I need to create by myself ?

        2.Even if I disabled Ciphers\DES 56/56, however, from the THCSSLCheck tool is still show like this

                     

     

    EXP1024-DES-CBC-SHA

    56

    supported

    EDH-RSA-DES-CBC-SHA

    56

    supported

     

    DES-CBC-SHA

    56

    supported

    DES-CBC-SHA

    56

    supported

    etc.....

     

        How to address this issue?

    Thursday, December 3, 2009 11:59 AM

Answers

  • Yes, you need to create the registry keys. What operating system do you use? What application are you trying to configure (is it IIS)?

    Best regards

    Martin Rublik
    • Marked as answer by Mervyn Zhang Tuesday, December 8, 2009 9:47 AM
    Monday, December 7, 2009 8:36 AM

All replies

  • Yes, you need to create the registry keys. What operating system do you use? What application are you trying to configure (is it IIS)?

    Best regards

    Martin Rublik
    • Marked as answer by Mervyn Zhang Tuesday, December 8, 2009 9:47 AM
    Monday, December 7, 2009 8:36 AM
  • Hi,

    In the KB 245030, there are "Example Registry Files", you may modify this file and import on your servers.

    Thanks.

    This posting is provided "AS IS" with no warranties, and confers no rights.
    Tuesday, December 8, 2009 9:48 AM