40-bit RC4 Cipher will not disable

-

i'm not missing here, 40bit rc4 ciphers not disable.

i have exported , diffed servers registry keys another, cipher disabled properly. if server ignoring registry key.

here registry export

[hkey_local_machine\system\currentcontrolset\control\securityproviders\schannel]
"eventlogging"=dword:00000001

[hkey_local_machine\system\currentcontrolset\control\securityproviders\schannel\ciphers]

[hkey_local_machine\system\currentcontrolset\control\securityproviders\schannel\ciphers\des 56]
"enabled"=dword:00000000

[hkey_local_machine\system\currentcontrolset\control\securityproviders\schannel\ciphers\des 56/56]
"enabled"=dword:00000000

[hkey_local_machine\system\currentcontrolset\control\securityproviders\schannel\ciphers\null]
"enabled"=dword:00000000

[hkey_local_machine\system\currentcontrolset\control\securityproviders\schannel\ciphers\rc2 128/128]
@=""
"enabled"=dword:ffffffff

[hkey_local_machine\system\currentcontrolset\control\securityproviders\schannel\ciphers\rc2 40/128]
"enabled"=dword:00000000

[hkey_local_machine\system\currentcontrolset\control\securityproviders\schannel\ciphers\rc2 56/128]
"enabled"=dword:00000000

[hkey_local_machine\system\currentcontrolset\control\securityproviders\schannel\ciphers\rc4 128/128]
@=""
"enabled"=dword:ffffffff

[hkey_local_machine\system\currentcontrolset\control\securityproviders\schannel\ciphers\rc4 40/128]
"enabled"=dword:00000000

[hkey_local_machine\system\currentcontrolset\control\securityproviders\schannel\ciphers\rc4 56/128]
"enabled"=dword:00000000

[hkey_local_machine\system\currentcontrolset\control\securityproviders\schannel\ciphers\rc4 64/128]
"enabled"=dword:00000000

[hkey_local_machine\system\currentcontrolset\control\securityproviders\schannel\ciphersuites]

[hkey_local_machine\system\currentcontrolset\control\securityproviders\schannel\hashes]

[hkey_local_machine\system\currentcontrolset\control\securityproviders\schannel\hashes\sha]
@=""
"enabled"=dword:ffffffff

[hkey_local_machine\system\currentcontrolset\control\securityproviders\schannel\keyexchangealgorithms]

[hkey_local_machine\system\currentcontrolset\control\securityproviders\schannel\protocols]

[hkey_local_machine\system\currentcontrolset\control\securityproviders\schannel\protocols\pct 1.0]

[hkey_local_machine\system\currentcontrolset\control\securityproviders\schannel\protocols\pct 1.0\server]
"enabled"=dword:00000000

[hkey_local_machine\system\currentcontrolset\control\securityproviders\schannel\protocols\ssl 2.0]

[hkey_local_machine\system\currentcontrolset\control\securityproviders\schannel\protocols\ssl 2.0\client]
"disabledbydefault"=dword:00000001
"enabled"=dword:00000000

[hkey_local_machine\system\currentcontrolset\control\securityproviders\schannel\protocols\ssl 2.0\server]
"enabled"=dword:00000000

[hkey_local_machine\system\currentcontrolset\control\securityproviders\schannel\protocols\ssl 3.0]

[hkey_local_machine\system\currentcontrolset\control\securityproviders\schannel\protocols\ssl 3.0\client]
"enabled"=dword:00000001

[hkey_local_machine\system\currentcontrolset\control\securityproviders\schannel\protocols\ssl 3.0\server]
"enabled"=dword:00000001

[hkey_local_machine\system\currentcontrolset\control\securityproviders\schannel\protocols\tls 1.0]

[hkey_local_machine\system\currentcontrolset\control\securityproviders\schannel\protocols\tls 1.0\client]
"enabled"=dword:00000001

[hkey_local_machine\system\currentcontrolset\control\securityproviders\schannel\protocols\tls 1.0\server]
"enabled"=dword:00000001

and here sslscan results:

c:\users\mark\downloads\sslscan-1.8.2-win-r7>sslscan.exe prodweb | findstr accept
    accepted  sslv3  168 bits  des-cbc3-sha
    accepted  sslv3  128 bits  rc4-sha
    accepted  sslv3  128 bits  rc4-md5
    accepted  sslv3   40 bits  exp-rc4-md5
    accepted  tlsv1  256 bits  aes256-sha
    accepted  tlsv1  128 bits  aes128-sha
    accepted  tlsv1  168 bits  des-cbc3-sha
    accepted  tlsv1  128 bits  rc4-sha
    accepted  tlsv1  128 bits  rc4-md5
    accepted  tlsv1   40 bits  exp-rc4-md5

what gets me have exact matching registry entries on server in qa, , works fine.

c:\users\mark\downloads\sslscan-1.8.2-win-r7>sslscan.exe qaweb| findstr accept
    accepted  sslv3  128 bits  rc4-sha
    accepted  sslv3  128 bits  rc4-md5
    accepted  tlsv1  256 bits  aes256-sha
    accepted  tlsv1  128 bits  aes128-sha
    accepted  tlsv1  128 bits  rc4-sha
    accepted  tlsv1  128 bits  rc4-md5

any suggestions before shell out $300 support case?

thanks!

mark

after disable cipher, may need restart iis apply change. http://support.microsoft.com/kb/245030



Windows Server  >  Security



Comments

Post a Comment

Popular posts from this blog

Group Policy Event ID 1058 Error Code 1326 (The user name or password is incorrect)

-
i seeing odd error on 1 of our domain controllers. have dealt event id 1058 errors whereby policy (or policies) not replicating, receiving error along error code 1326 on server, , apparently happening default domain policy: log name:      system source:        microsoft-windows-grouppolicy date:          8/10/2015 3:09:54 pm event id:      1058 task category: none level:         error keywords:      user:          s-1-5-21-1484152634-2550175353-3916092219-3287 computer:      <dc name>.<domainname> description: processing of group policy failed. windows attempted read file http://schemas.microsoft.com/win/2004/08/events/event ">   <system>     <provi...
Read more

Suspicious event log Event ID: 4905

-
hi thr, could please me understand causing such event logs generate ? as  i understand, vssvc.exe pertains volume shadow copy used backup purpose.  we have third party application used taking backup of servers. the event longs generated following messages: 1) attempt made unregister security event source. 2) attempt made register security event source. these events not regular generated on random days. standard fields: date:               2013/10/19 time:               02:32:19 importance:         critical rule name:          security event monitored machine:  <domain controller> log format:         windows log name:           security event id:           4905 in work hours:      yes dynamic fields: internal timestamp: 2013/10/19 ...
Read more

DCOM received error "2147746132" from...

-
hi everybody, i have dc (my windows essentials 2012 server) , windows 2012 server in network.  the windows server 2012 inside domain. on server, got "non stopping" error says in event logs : ===> dcom received error "2147746132" fromd computer xxxx(my dc computer) while server trying activation : {6df8cb71-153b-4c66-8fc4-e59301b8011b} it never stops, got 11000+ new events :s i found : http://support.microsoft.com/kb/971153/fr i'm not sure should ? does got idea ? matthieu. hi, please try solution mentioned in below link: http://www.eventid.net/display-eventid-10006-source-dcom-eventno-272-phase-1.htm regards, cicely Windows Server  >  Windows Server 2012 General ...
Read more