-1

My company has a web server running IIS 6, and I was asked to help disable SHA on it. Specifically this cipher: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA

I found these instructions https://www.namecheap.com/support/knowledgebase/article.aspx/9600/38/disabling-sha1 and set the registry entry for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Hashes\SHA\Enabled to 0, but that immediately stopped access to our website, even without a reboot.

0 and 1 both fail, so ffffffff seems to be the only correct value that will allow us to access the website, but that means that TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA is still enabled.

Is there a better way to do it?

AndyD273
  • Does this answer your question? [How to configure IIS 7.5 SSL \ TLS to work with iOS 9 ATS](https://serverfault.com/questions/724077/how-to-configure-iis-7-5-ssl-tls-to-work-with-ios-9-ats) – djdomi Apr 11 '23 at 17:01

2 Answers

0

I would attempt to enable a different encryption method that is "acceptable for your use case".
It might be that certain processes or programs cannot run, or have a dependency on this encryption method, such as "Bitwarden" or similar programs.

0

It shows some alternate values possible, so I thought this might help: https://www.betaarchive.com/wiki/index.php/Microsoft_KB_Archive/245030