Scribd Logo
Upload

Welcome to Scribd!

  • Disabling RC4 en Windows 2008

    Uploaded by

    Juan Fernando Vela
    23 views9 pages
    Soporte Windows 2008 Disabling RC4

    Copyright

    © © All Rights Reserved

    Available Formats

    DOCX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    Soporte Windows 2008 Disabling RC4

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    23 views9 pages

    Disabling RC4 en Windows 2008

    Uploaded by

    Juan Fernando Vela
    Soporte Windows 2008 Disabling RC4

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 9

    Disabling RC4

    RC4 is a stream cipher for bulk encryption that nowadays is considered as


    practically vulnerable and was officially deprecated by Internet Engineering Task
    Force.

    1. Open registry editor:

    Win + R >> regedit

    2. Navigate to:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProvid
    ers\Schannel\Ciphers

    3. Right-click on Ciphers >> New >> Key

    Name the key 'RC4 40/128'

    4. Right-click on RC4 40/128 >> New >> DWORD (32-bit) Value


    Name the value 'Enabled'

    5. Double-click the created Enabled value and make sure that there is zero (0)
    in Value Data: field >> click OK
    6. Create two more keys with the names 'RC4 56/128' and 'RC4 128/128' in
    the Ciphers directory. Repeat steps 4 and 5 for each of them.
    7. After step 6 is completed, you should have three keys for RC4 in total in
    Ciphers. Each RC4 key should have the DWORD value named 'Enabled' with
    zero (0) value data.
    *******************************

    More Info:

    How to Completely Disable RC4

    Clients and Servers that do not wish to use RC4 ciphersuites, regardless of the other party's
    supported ciphers, can disable the use of RC4 cipher suites completely by setting the following
    registry keys. In this manner any server or client that is talking to a client or server that must use
    RC4, can prevent a connection from happening. Clients that deploy this setting will not be able to
    connect to sites that require RC4 while servers that deploy this setting will not be able to service
    clients that must use RC4.

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphe
    rs\RC4 128/128]

    "Enabled"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphe
    rs\RC4 40/128]
    "Enabled"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphe
    rs\RC4 56/128]

    "Enabled"=dword:00000000

    ********************************

    Cómo deshabilitar RC4 por completo

    Nota Debe instalar esta actualización de seguridad (2868725) antes de realizar el


    siguiente cambio del Registro a fin de deshabilitar RC4 por completo.

    Los clientes y servidores que no quieran usar RC4 independientemente de los cifrados
    compatibles de la otra parte pueden deshabilitar los conjuntos de cifrados RC4 por
    completo configurando las siguientes claves del Registro. De este modo, cualquier
    servidor o cliente que esté hablando con un cliente o servidor que tenga que utilizar
    RC4 puede impedir que se produzca una conexión. Los clientes que implementen esta
    configuración no podrán conectar con sitios que requieran RC4, y los servidores que
    implementen esta configuración no podrán dar servicio a los clientes que tengan que
    utilizar RC4.

     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\
    SCHANNEL\Ciphers\RC4 128/128]
    "Enabled"=dword:00000000
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\
    SCHANNEL\Ciphers\RC4 40/128]
    "Enabled"=dword:00000000
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\
    SCHANNEL\Ciphers\RC4 56/128]
    "Enabled"=dword:00000000
    Para obtener más información, haga clic en el número de artículo siguiente para verlo
    en Microsoft Knowledge Base:
    245030 Cómo restringir el uso de ciertos protocolos y algoritmos criptográficos en
    Schannel.dll
    Cómo pueden impedir otras aplicaciones el uso de conjuntos de cifrado basados en RC4

    RC4 no está activado de forma predeterminada para todas las aplicaciones. Las
    aplicaciones que llamen directamente a SChannel seguirán utilizando RC4 a menos
    que tomen parte en las opciones de la seguridad. Las aplicaciones que utilicen
    SChannel pueden bloquear los conjuntos de cifrado de RC4 para sus conexiones
    pasando el marcador SCH_USE_STRONG_CRYPTO a SChannel en la estructura
    SCHANNEL_CRED. Si es necesario mantener la compatibilidad, las aplicaciones que
    utilizan SChannel pueden implementar además una reserva que no pase este
    marcador.

    HOW TO DISABLE RC4 CIPHERS FROM


    THE WINDOWS SERVER 2008?
    Microsoft suggests using the TLS 1.2 Security Encryption to their
    clients since it has the Advanced Encryption Standard. Also, it
    recommends disabling the RC4 cipher from your Windows Server.
    Following steps will help you to completely Disable the RC4 cipher in
    your Window 2008 Server.

    1. Login to your Window Server.

    2. Click Start >> Run

    3. In Run Open the Registry with regedit command.


    GET WINDOWS VPS HOSTING

    4. Locate the following path.

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\C
    iphers

    5. Right Click on the Ciphers and create the Following 3 New


    Keys.

              RC4 128/128


              RC4 40/128
              RC4 56/128
            

    6. Right Click on the RC4 128/128 >> New >> Click on


    DWORD(32-bit)Value.
    7. Rename the New Value #1 to Enabled.

    You might also like