{"id":26,"date":"2007-04-13T13:17:00","date_gmt":"2007-04-13T12:17:00","guid":{"rendered":"https:\/\/iddlesblog.wordpress.com\/2007\/04\/13\/controlling-ssl-ciphers-on-windows-2003-server\/"},"modified":"2007-04-13T13:17:00","modified_gmt":"2007-04-13T12:17:00","slug":"controlling-ssl-ciphers-on-windows-2003-server","status":"publish","type":"post","link":"https:\/\/iddles.co.uk\/index.php\/2007\/04\/13\/controlling-ssl-ciphers-on-windows-2003-server\/","title":{"rendered":"Controlling SSL Ciphers on Windows 2003\/2008 Server"},"content":{"rendered":"<p>On Windows 2003\/2008 Servers\u00a0running anything over SSL (ie HTTPS) via applications like\u00a0IIS, Terminal Services (SP1+) and ISA Server even if the application can set &#8216;Force 128bit encryption&#8217; other weak ciphers are still availible on the server.<br \/>\n\u00a0To stop this:<br \/>\n1) Backup your registry or at least export the key <strong>HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSecurityProvidersSCHANNEL<\/strong><br \/>\n2) Copy below into a text document and rename to .reg<\/p>\n<blockquote><p><em>Windows Registry Editor Version 5.00<\/em><br \/>\n<em>[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsPCT 1.0Client]<br \/>\n&#8220;Enabled&#8221;=dword:00000000<\/em><br \/>\n<em>[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsPCT 1.0Server]<br \/>\n&#8220;Enabled&#8221;=dword:00000000<\/em><br \/>\n<em>[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsSSL 2.0Client]<br \/>\n&#8220;Enabled&#8221;=dword:00000000<\/em><br \/>\n<em>[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsSSL 2.0Server]<br \/>\n&#8220;Enabled&#8221;=dword:00000000<\/em><br \/>\n<em>[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSecurityProvidersSCHANNELCiphers]<br \/>\n&#8220;Enabled&#8221;=dword:00000000<\/em><br \/>\n<em>[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSecurityProvidersSCHANNELCiphersDES 56\/56]<br \/>\n&#8220;Enabled&#8221;=dword:00000000<\/em><br \/>\n<em>[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSecurityProvidersSCHANNELCiphersRC2 40\/128]<br \/>\n&#8220;Enabled&#8221;=dword:00000000<\/em><br \/>\n<em>[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSecurityProvidersSCHANNELCiphersRC4 40\/128]<br \/>\n&#8220;Enabled&#8221;=dword:00000000<\/em><br \/>\n<em>[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSecurityProvidersSCHANNELCiphersRC4 56\/128]<br \/>\n&#8220;Enabled&#8221;=dword:00000000<br \/>\n<\/em>\u00a0<\/p><\/blockquote>\n<p>3) Double click the .reg file to run and answer Yes to dialog<br \/>\n4) Confirm working ciphers.\u00a0 A good site is <a href=\"http:\/\/www.serversniff.net\/content.php?do=ssl\">http:\/\/www.serversniff.net\/content.php?do=ssl<\/a>\u00a0<br \/>\n\u00a0Have fun<a href=\"http:\/\/www.serversniff.com\/\"><\/a><br \/>\n<img loading=\"lazy\" decoding=\"async\" src=\"http:\/\/iddles.co.uk\/aggbug.aspx?PostID=4474\" alt=\"\" width=\"1\" height=\"1\" \/><\/p>\n","protected":false},"excerpt":{"rendered":"<p>On Windows 2003\/2008 Servers\u00a0running anything over SSL (ie HTTPS) via applications like\u00a0IIS, Terminal Services (SP1+) and ISA Server even if the application can set &#8216;Force 128bit encryption&#8217; other weak ciphers are still availible on the server. \u00a0To stop this: 1) Backup your registry or at least export the key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSecurityProvidersSCHANNEL 2) Copy below into a [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_crdt_document":"","footnotes":""},"categories":[17],"tags":[36,37,48,50],"class_list":["post-26","post","type-post","status-publish","format-standard","hentry","category-windows","tag-iis6","tag-iis7","tag-security","tag-ssl","post-preview"],"_links":{"self":[{"href":"https:\/\/iddles.co.uk\/index.php\/wp-json\/wp\/v2\/posts\/26","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/iddles.co.uk\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/iddles.co.uk\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/iddles.co.uk\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/iddles.co.uk\/index.php\/wp-json\/wp\/v2\/comments?post=26"}],"version-history":[{"count":0,"href":"https:\/\/iddles.co.uk\/index.php\/wp-json\/wp\/v2\/posts\/26\/revisions"}],"wp:attachment":[{"href":"https:\/\/iddles.co.uk\/index.php\/wp-json\/wp\/v2\/media?parent=26"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/iddles.co.uk\/index.php\/wp-json\/wp\/v2\/categories?post=26"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/iddles.co.uk\/index.php\/wp-json\/wp\/v2\/tags?post=26"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}