0

I have a requirement to disable below weak TLS ciphers in Windows Server 2016. I tried to reasearch and it says "The Microsoft SCHANNEL team does not support directly manipulating the Group Policy and Default Cipher suite locations in the registry" Please advise. Thank you in advance.

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA250(0xc027) WEAK TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384(0xc030) WEAK TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA(0xc013) WEAK TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA(0xc014) WEAK TLS_RSA_WITH_AES_128_GCM_SHA256(0x9c) WEAK TLS_RSA_WITH_AES_256_GCM_SHA384(0x9d) WEAK TLS_RSA_WITH_AES_128_GCM_SHA256(0x3c) WEAK TLS_RSA_WITH_AES_256_CBC_SHA256(0x3d) WEAK TLS_RSA_WITH_AES_128_CBC_SHA(0x2f) WEAK TLS_RSA_WITH_AES_256_CBC_SHA(0x35) WEAK TLS_RSA_WITH_CAMELLIA_256_CBC_SHA(0x84) WEAK TLS_RSA_WITH_CAMELLIA_128_CBC_SHA(0x41) WEAK

tim
  • 11
  • 1
  • 1
    Everybody else just uses IIS Crypto to do this sort of thing. Is there a reason why it won't work for you? – Michael Hampton Mar 15 '21 at 01:52
  • Can you please advise how I will be able to configure it in IIS. I have no idea, since this is my first time to fix a vulnerability issue.Thank you. – tim Mar 15 '21 at 02:08

1 Answers1

0

Download and use IIS Crypto from Nartac Software. You can enable and disable cipher- and hashing suites using a nice GUI.

bjoster
  • 4,805
  • 5
  • 25
  • 33