Windows 2008 R2 Standard server - how to disable RC4

ssl iis-7 windows-server-2008-r2

There is a tool to check the cipher order in a GUI. It works for me every time. (Try it on a test machine if you don't trust the exe.)

Microsoft released a security advisory about RC4 where they explain how to disable RC4 on the client and server side. Now it's best practice to disable RC4.

Don't forget to do the Windows Update in the security advisory because there is a schannel update to do before updating the cipher order.

When the update is done, you can use the tool (IISCrypto), the Microsoft advisory patch, or update the windows registry yourself:

(Be careful. Back up your registry first.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 128/128]
"Enabled"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 40/128]
"Enabled"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 56/128]
"Enabled"=dword:00000000

Related

Virtualized CPU cores vs. threads
Server migration: most efficient way
Warn user if they try to logoff
Where does Ubuntu store partition UUIDs on disk?
Stunnel won't work with SSLv3 from some hosts
How do I change Dovecot virtual user passwords?
nginx responding to unknown host names?
less with "update file" like functionality
Remote connection to MySQL server takes very long
using nginx with SNI
Scalable (> 24 TB) NAS for research department
Exim: Change sender address when sending mails out of local network