I had to actually add these keys. Rebooted. Still showing as an exploit. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 128/128] "Enabled"=dword:00000000 · [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 40/128] "Enabled"=dword:00000000 · [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 56/128] "Enabled"=dword:00000000
· Reappllied this KB · http://support.microsoft.com/kb/2868725 Rebooted. Still showing as an exploit?? From: [email protected] [mailto:[email protected]] On Behalf Of Haritwal, Dhiraj Sent: Friday, June 27, 2014 10:10 AM To: [email protected] Subject: RE: [NTSysADM] SSL ciphers After those registry changes, did you restart that server. There are multiple low level RC4 Ciphers so which one you have disabled. Dhiraj From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Ed Ziots Sent: 27 June 2014 16:29 To: [email protected]<mailto:[email protected]> Subject: Re: [NTSysADM] SSL ciphers Look into iiscrypto by cryptonark software. But why are you disabling rc4 have u tested that things will not break. I know what sslabs is saying but you need to weigh the risks vs the rewards. Ez On Jun 24, 2014 3:09 PM, "David McSpadden" <[email protected]<mailto:[email protected]>> wrote: Looking for how to disable RC4. I have KB2868725 applied but in testing it is showing enabled still? Anyone else seen this on server 2008 RC2 running IIS? This e-mail and any files transmitted with it are property of Indiana Members Credit Union, are confidential, and are intended solely for the use of the individual or entity to whom this e-mail is addressed. If you are not one of the named recipient(s) or otherwise have reason to believe that you have received this message in error, please notify the sender and delete this message immediately from your computer. Any other use, retention, dissemination, forwarding, printing, or copying of this email is strictly prohibited. Please consider the environment before printing this email. ________________________________ This email is confidential and intended only for the use of the individual or entity named above and may contain information that is privileged. If you are not the intended recipient, you are notified that any dissemination, distribution or copying of this email is strictly prohibited. If you have received this email in error, please notify us immediately by return email or telephone and destroy the original message. - This mail is sent via Sony Asia Pacific Mail Gateway.. This e-mail and any files transmitted with it are property of Indiana Members Credit Union, are confidential, and are intended solely for the use of the individual or entity to whom this e-mail is addressed. If you are not one of the named recipient(s) or otherwise have reason to believe that you have received this message in error, please notify the sender and delete this message immediately from your computer. Any other use, retention, dissemination, forwarding, printing, or copying of this email is strictly prohibited. Please consider the environment before printing this email.
