I am trying to remediate SSL/TLS vulnerabilities discovered by our vulnerability scanner. All the methods I have seen so far involve SCHANNEL changes in the registry. The SCHANNEL registry changes are unfortunately system-wide changes and cannot be restricted to a specific port. I cannot make the SCHANNEL registry changes because they will affect other services that are running when the problem is only with port 3389 (RDP). Is there a way I can specify on which service the SCHANNEL restrictions should apply? Or by any other restriction method, as long as it is being done on a service-by-service basis and not as a wholesale approach.
1 Answer
This cannot be changed for an individual service that uses the Microsoft TLS/SSL Security Provider; any change to protocols and cipher suites for the Microsoft TLS/SSL Security Provider will apply to all applications that use it.

Dylan Knoll
Thanks Dylan, is there another way that I can restrict the encryption protocols/ciphers at the service level? – John Apr 07 '17 at 16:09
Not to my knowledge. – Dylan Knoll Apr 07 '17 at 16:16
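
A read-only look at where these settings live, as an added example that is not part of the original question or answer: the Schannel protocol keys sit under one machine-wide registry path, keyed only by protocol version and Client/Server role. The function name is hypothetical and the protocol list is an assumption about which versions to check.

```powershell
# Added example (read-only): list the machine-wide Schannel protocol settings.
# The key path has only <protocol>\<Client|Server> beneath it; there is no
# per-port or per-service level, so a value set here applies to every
# Schannel consumer on the host, RDP on 3389 included.
$SchannelProtocols = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'

# Hypothetical helper name; the protocol list is an assumption, adjust as needed.
function Get-SchannelProtocolState {
    param(
        [string[]]$Protocol = @('SSL 2.0', 'SSL 3.0', 'TLS 1.0', 'TLS 1.1', 'TLS 1.2'),
        [string[]]$Role     = @('Server', 'Client')
    )
    foreach ($p in $Protocol) {
        foreach ($r in $Role) {
            $key   = Join-Path (Join-Path $SchannelProtocols $p) $r
            $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue

            # A missing key or value means the OS default for that Windows version applies.
            $enabled  = if ($props) { $props.PSObject.Properties['Enabled'] }
            $disabled = if ($props) { $props.PSObject.Properties['DisabledByDefault'] }

            $state = if (-not $enabled) {
                'OS default'
            } elseif ($enabled.Value -eq 0) {
                'Disabled'
            } else {
                'Enabled'   # non-zero (1 or 0xFFFFFFFF) enables the protocol
            }

            [pscustomobject]@{
                Protocol          = $p
                Role              = $r
                State             = $state
                DisabledByDefault = if ($disabled) { $disabled.Value } else { 'not set' }
                RegistryKey       = $key
            }
        }
    }
}

Get-SchannelProtocolState | Format-Table -AutoSize
```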