Disable SSL Weak Cipher Suites in Apache and IIS

SSL 3.0 and TLS 1.0 provide options to use various cipher suites. Each cipher suite determines the key exchange, authentication, encryption, and MAC algorithms used within an SSL/TLS session. Using weak cipher suites may enable an attacker to launch man-in-the-middle attacks and monitor or tamper with sensitive data.

To Disable SSL Weak Cipher Suites in Apache

    1. Open the Apache configuration file httpd.conf.
    2. Modify or add the SSLCipherSuite directive below in httpd.conf, then restart the Apache server.

SSLCipherSuite ALL:!aNULL:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM

To Disable SSL Weak Cipher Suites in IIS

  1. Open up “regedit” from the command line.
  2. Browse to the following key: HKLM\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\DES 56/56
  3. Create a new REG_DWORD called “Enabled” and set the value to 0
  4. Browse to the following key: HKLM\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\NULL
  5. Create a new REG_DWORD called “Enabled” and set the value to 0
  6. Browse to the following key: HKLM\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC2 40/128
  7. Create a new REG_DWORD called “Enabled” and set the value to 0
  8. Browse to the following key: HKLM\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC2 56/128
  9. Create a new REG_DWORD called “Enabled” and set the value to 0
  10. Browse to the following key: HKLM\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 40/128
  11. Create a new REG_DWORD called “Enabled” and set the value to 0
  12. Browse to the following key: HKLM\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 56/128
  13. Create a new REG_DWORD called “Enabled” and set the value to 0
  14. Browse to the following key: HKLM\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 64/128
  15. Create a new REG_DWORD called “Enabled” and set the value to 0
  16. Reboot the server.
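
The registry steps above can also be applied as one PowerShell script. This is an added example, not part of the original article; it assumes an elevated PowerShell prompt on the IIS server, and it goes through the .NET registry API because the cipher key names contain "/", which the PowerShell registry provider treats as a path separator.

```powershell
# Added example: sets Enabled = 0 (REG_DWORD) under each cipher key listed in the steps above.
# Assumption: run from an elevated PowerShell prompt on the server being hardened.
$ErrorActionPreference = 'Stop'

$ciphersPath = 'SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers'

# Subkey names exactly as they appear in steps 2 to 14.
$weakCiphers = @(
    'DES 56/56',
    'NULL',
    'RC2 40/128',
    'RC2 56/128',
    'RC4 40/128',
    'RC4 56/128',
    'RC4 64/128'
)

# New-Item / Set-ItemProperty would split "DES 56/56" into nested keys "DES 56" and "56",
# so create the subkeys with Microsoft.Win32.RegistryKey, which only splits on "\".
$ciphers = [Microsoft.Win32.Registry]::LocalMachine.CreateSubKey($ciphersPath)

try {
    foreach ($name in $weakCiphers) {
        # CreateSubKey opens the key for writing and creates it if it does not exist yet.
        $key = $ciphers.CreateSubKey($name)
        try {
            $key.SetValue('Enabled', 0, [Microsoft.Win32.RegistryValueKind]::DWord)
        } finally {
            $key.Close()
        }
    }

    # Read every value back so the result can be reviewed before the reboot in step 16.
    foreach ($name in $weakCiphers) {
        $key = $ciphers.OpenSubKey($name)
        try {
            New-Object PSObject -Property @{
                Cipher  = $name
                Enabled = $key.GetValue('Enabled')
                Kind    = $key.GetValueKind('Enabled')
            }
        } finally {
            $key.Close()
        }
    }
} finally {
    $ciphers.Close()
}
```

The script does not reboot the server; step 16 still applies after it has run.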

 
