How to turn off Weak SSL Ciphers on IIS
With growing security concerns for websites, it is now recommended not to use weak ciphers or ciphers that provide no encryption at all. Unfortunately, these weak ciphers are enabled by default in most IIS versions.
If you don't want to support SSL ciphers that offer either weak encryption or no encryption at all, you can easily turn them off by modifying the corresponding registry entries under the following path:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers
Basically, to fix this security warning, you should disable SSLv2 and any SSL ciphers with less than 128-bit encryption.
The following link discusses the steps you need to perform:
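The script below is an added example, not code from this post or the linked articles: it reports the `Enabled` value for SSLv2 and the sub-128-bit ciphers, and only writes changes when run with `-Apply`. It assumes the standard Schannel subkey names from Microsoft's documentation (they are not listed in this post), a hypothetical `-Apply` switch, and an elevated PowerShell session.

```powershell
# Added example: report (and with -Apply, disable) SSLv2 and sub-128-bit ciphers.
# Subkey names are the standard Schannel ones from Microsoft's documentation,
# not values taken from this post. -Apply is a hypothetical switch name.
param([switch]$Apply)

$schannel = 'SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL'
$targets = @(
    'Ciphers\NULL',
    'Ciphers\DES 56/56',
    'Ciphers\RC2 40/128',
    'Ciphers\RC2 56/128',
    'Ciphers\RC4 40/128',
    'Ciphers\RC4 56/128',
    'Ciphers\RC4 64/128',
    'Protocols\SSL 2.0\Server'
)

$hklm = [Microsoft.Win32.Registry]::LocalMachine
foreach ($target in $targets) {
    $path = "$schannel\$target"

    # Go through the .NET registry API: the PowerShell registry provider treats
    # the "/" in names such as "RC4 40/128" as a path separator and would
    # create a nested key "RC4 40" -> "128" instead of the key Schannel reads.
    $key = $hklm.OpenSubKey($path, $Apply.IsPresent)
    if ($Apply -and -not $key) { $key = $hklm.CreateSubKey($path) }

    $before = if ($key) { $key.GetValue('Enabled') } else { $null }
    if ($null -eq $before) { $state = 'not set (OS default applies)' }
    elseif ($before -eq 0) { $state = 'disabled' }
    else                   { $state = 'ENABLED' }

    if ($Apply -and $before -ne 0) {
        # Enabled = 0 (DWORD) turns the cipher or protocol off.
        $key.SetValue('Enabled', 0, [Microsoft.Win32.RegistryValueKind]::DWord)
        $state = "$state -> disabled"
    }
    if ($key) { $key.Close() }
    Write-Output ('{0,-28} {1}' -f $target, $state)
}
```

Running it without `-Apply` first gives a before-state record to compare against after the change.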
http://blog.techstacks.com/2008/10/iis-disabling-sslv2-and-weak-ciphers.html
If you want more info or details, please check the following link:
http://support.microsoft.com/kb/187498
As it's a risky task, I recommend that you first try it on a test machine.
Good luck and be careful when editing registry entries.
This entry was posted on Tuesday, April 7th, 2009 at 12:44 pm and is filed under IIS, Windows.
Thanks a lot for the link. A lot of folks have been referred to my little site since your post was published. Thanks again!