Permanent link:
https://auditsquare.com/advisory/windows/iis-disable-weak-crypto
What is considered a “weak crypto”?
In general you should avoid:
- SSL protocol version v2, v3 and PCT v1
- Symmetric ciphers with keys shorter than 128bit (also known as
export
ciphers) - Weak ciphers - like RC2, RC4
- Weak hash functions - like MD5
Why is it a security issue?
Especially SSL/TLS has not been having a good time lately. You have probably heard of well-known vulnerabilities like Heartbleed, BEAST, CRIME, POODLE, FREAK or Logjam attack.
How to fix it?
All the following changes are made via regedit
(as Administrator). In the end you will need to restart the server.
Disable SSLv2
- go to
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server
; create the key if it does not exist - set
DWORD
valueEnabled
to0
(or create the value if it does not exist) - make sure that
DWORD
valueDisabledByDefault
(if exists) is set it to1
- it is also advisable to disable SSLv2 for client authentication: repeat the above steps for the key
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Client
Disable SSLv3:
- go to
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server
; create the key if it does not exist - make sure that
DWORD
valueEnabled
exists and is set it to0
- make sure that
DWORD
valueDisabledByDefault
(if exists) is set it to1
- it is also advisable to disable SSLv3 for client authentication: repeat the above steps for the key
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Client
Disable PCTv1 (only Windows 2003 or lower; PCT is not supported on Windows 2008 and newer)
- go to
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\PCT 1.0\Server
; create the key if it does not exist - set
DWORD
valueEnabled
to0
(or create the value if it does not exist) - make sure that
DWORD
valueDisabledByDefault
(if exists) is set it to1
Make sure that only TLS 1.0, TLS 1.1 and TLS 1.2 are enabled
TLS 1.0
- go to
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server
; create the key if it does not exist - make sure that
DWORD
valueEnabled
exists and is set it to1
- make sure that
DWORD
valueDisabledByDefault
(if exists) is set it to0
TLS 1.1 (requires Windows 7, Windows 2008 R2 or higher):
- go to
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server
; create the key if it does not exist - make sure that
DWORD
valueEnabled
exists and is set it to1
- make sure that
DWORD
valueDisabledByDefault
(if exists) is set it to0
TLS 1.2 (requires Windows 7, Windows 2008 R2 or higher):
- go to
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server
; create the key if it does not exist - make sure that
DWORD
valueEnabled
exists and is set it to1
- make sure that
DWORD
valueDisabledByDefault
(if exists) is set it to0
Disable export
ciphers, NULL ciphers, RC2 and RC4
- go to
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\NULL
and setDWORD
valueEnabled
to0
. - go to
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\DES 56/56
and setDWORD
valueEnabled
to0
. - go to
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC2 40/128
and setDWORD
valueEnabled
to0
. - go to
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC2 56/128
and setDWORD
valueEnabled
to0
. - go to
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC2 128/128
and setDWORD
valueEnabled
to0
. - go to
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 40/128
and setDWORD
valueEnabled
to0
. - go to
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 56/128
and setDWORD
valueEnabled
to0
. - go to
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 64/128
and setDWORD
valueEnabled
to0
. - go to
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 128/128
and setDWORD
valueEnabled
to0
.
If any of the above-mentioned registry keys and/or Enabled
vales do not exist, create them.
Completely disable MD5 hash function
- go to
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Hashes\MD5
(create the key if it does not exist) and setDWORD
valueEnabled
to0
(or create the value if it does not exist).
Force server not to respond to renegotiation requests from client
Make sure you have installed a hotfix for MS10-049 see http://support.microsoft.com/kb/980436 (Windows XP, 2003, 7, Vista, 2008, 2008r2)
- go to
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL
- create
DWORD
valueAllowInsecureRenegoClients
and set it to0
- create
DWORD
valueAllowInsecureRenegoServers
and set it to0
- create
DWORD
valueDisableRenegoOnServer
and set it to1
- create
DWORD
valueUseScsvForTls
and set it to1
(Win XP, 2003, Vista and 2008)
Setup SSL cipher suite via Group Policy (IIS7 or higher)
- start
gpedit.msc
(as Administrator) - go to Computer Configuration ›› Admin Templates ›› Network ›› SSL Configuration Settings ›› SSL Cipher Suite Order
- set to this value (really this long string without spaces):
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P521,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P384,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P521,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P521,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_P384,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_P521,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P521,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P521,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P521,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P521,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P384,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P521,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P384,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P521,TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,TLS_DHE_DSS_WITH_AES_256_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_3DES_EDE_CBC_SHA
Here is the same list one item per line:
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P256TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P384TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P521TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P256TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P384TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P521TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P384TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P521TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_P384TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_P521TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P384TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P521TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P521TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P384TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P521TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P256TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P521TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P256TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P384TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P521TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P256TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P384TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P521TLS_DHE_DSS_WITH_AES_128_CBC_SHA256TLS_DHE_DSS_WITH_AES_256_CBC_SHA256TLS_DHE_DSS_WITH_AES_256_CBC_SHATLS_DHE_DSS_WITH_AES_128_CBC_SHATLS_DHE_DSS_WITH_3DES_EDE_CBC_SHATLS_RSA_WITH_AES_256_CBC_SHA256TLS_RSA_WITH_AES_128_CBC_SHA256TLS_RSA_WITH_AES_256_CBC_SHATLS_RSA_WITH_AES_128_CBC_SHATLS_RSA_WITH_3DES_EDE_CBC_SHA (Windows XP with IE8 needs this cipher suite)
IMPORTANT: put TLS_ECDHE_..
on the top to asure SSL Perfect Forward Secrecy and to prevent Longjam attack.
Avoid .._NULL_..
, .._MD5
, .._RC4_..