W2012 How to turn off TLS_RSA_WITH_3DES_EDE_CBC_SHA

My PCI scans are failing on my win 2012 R2 server because of this.

Here is the list of medium strength SSL ciphers supported by the remote server :

  Medium Strength Ciphers (> 64-bit and < 112-bit key)

    TLSv1
      DES-CBC3-SHA   Kx=RSA   Au=RSA   Enc=3DES-CBC(168)   Mac=SHA1

They told me it was this one: DES-CBC3-SHA. I believe Microsoft refers to it as TLS_RSA_WITH_3DES_EDE_CBC_SHA.

I would prefer to turn this off using the registry. Anyone know how? Thanks.

Teryn answered 17/1, 2017 at 15:47 Comment(0)

I figured it out. On win 2012 r2 all you have to do is add this reg key. It takes effect immediately.

REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\Triple DES 168]
"Enabled"=dword:00000000

I verified it works using: https://www.ssllabs.com/ssltest/analyze.html

Teryn answered 21/1, 2017 at 18:8 Comment(1)
Confirmed settings using nmap: nmap --script ssl-enum-ciphers -p 443 -Pn (your site name) - Aliunde
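
An added example (not part of the original answer or comment): a Python helper that parses saved output of the nmap ssl-enum-ciphers command above and reports every protocol version that still offers a 3DES suite, so the check can be repeated before a PCI rescan. The sample output is constructed, and the names find_3des and SAMPLE are assumptions made for illustration.

```python
import re
import sys

# Constructed sample of `nmap --script ssl-enum-ciphers` output (not from the page).
SAMPLE = """\
PORT    STATE SERVICE
443/tcp open  https
| ssl-enum-ciphers:
|   TLSv1.0:
|     ciphers:
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
|     compressors:
|       NULL
|     warnings:
|       64-bit block cipher 3DES vulnerable to SWEET32 attack
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (secp256r1) - A
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
|_  least strength: C
"""

# A protocol header looks like "|   TLSv1.2:"; a suite line starts with TLS_ or SSL_.
PROTO_RE = re.compile(r"^\|\s+((?:SSLv|TLSv)[\d.]+):\s*$")
SUITE_RE = re.compile(r"^\|\s+((?:TLS|SSL)_\S+)\s")


def find_3des(nmap_output):
    """Return {protocol: [suite, ...]} for each protocol still offering 3DES."""
    found, proto = {}, None
    for line in nmap_output.splitlines():
        m = PROTO_RE.match(line)
        if m:
            proto = m.group(1)  # remember which protocol block we are in
            continue
        m = SUITE_RE.match(line)
        # Warning lines also mention "3DES" but do not start with TLS_/SSL_.
        if m and proto and "3DES" in m.group(1):
            found.setdefault(proto, []).append(m.group(1))
    return found


if __name__ == "__main__":
    # Pass a file holding saved nmap output, or run with no argument for the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    hits = find_3des(text)
    for proto, suites in hits.items():
        print(f"{proto}: {', '.join(suites)}")
    sys.exit(1 if hits else 0)  # non-zero exit while 3DES is still offered
```

The script exits non-zero while any 3DES suite is still listed, so it can gate a scripted rescan.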
