Disable Weak Ciphers (RC4 & TripleDES) Windows Server 2012

57,610 views

Phr33fall

6 years ago

This video is following on from the previous one (Disabling SSLv3 and TLS v1.0), which can be found here - • Disable SSLv3 & TLS1.0...
The video covers removing support for RC4 and TripleDES ciphers, as well as removing support for the weaker exchange algorithm 'Diffie-Hellman'.

Comments: 33
@Jason_P 1 year ago
Excellent content, thank you! This works for Server 2019 as well.
@jganer 5 years ago
Thank you! I need to figure out how to do this at work and your videos have been very helpful!
@phr33fall83 5 years ago
Awesome! Glad it helped :)
@alfredoramos1450 1 year ago
Thank you sir, your solution works! I tried it on Windows Server 2012 R2.
@phillip5838 1 year ago
Happy to help!
@AnkitGupta-ew4bk 3 years ago
Thank you, really helpful.
@phr33fall83 2 years ago
Glad it was helpful!
@jashimuddinbhuiyan7555 2 years ago
How will this disable "AECDH-AES128-SHA" 128 and 256? Please specify.
@daftrok 5 years ago
Is there a reason why you still keep TLS 1.1 enabled with the worry of POODLE and BEAST vulnerabilities? Is this more for compatibility reasons or can we now safely assume that anything that can support 1.1 will support 1.2 and we can disable 1.1 as well?
@phr33fall83 5 years ago
No reason. You can apply the same principles to disable TLS 1.1 if you wish.
@seanyang1209 2 years ago
Thank you very much!
@phr33fall83 2 years ago
You're welcome!
@luweybeatz 2 years ago
Hello, is there a command that I can run on the box itself, or remotely (without Kali) that can tell me what ciphers are enabled? Thank you
@notta3d 2 years ago
I would love to hear this as well.
@OshiOnYT 4 years ago
Thank you so much
@phr33fall83 2 years ago
You're most welcome
@ninoteves8573 1 year ago
How did you know that that's the right key? Is there a list? Or a name or something?
@kerryhannah1264 5 years ago
Thanks for the video, very informative. I am still getting this error when trying to connect to TLS1.2: Failed to connect with TLS1.2 : Error during handshake: the client and server cannot communicate, because they do not possess a common algorithm. (0x80090331) Any thoughts would be appreciated. Thanks!
@phr33fall83 5 years ago
Hi Kerry. It could be that the client you are trying to connect does not support TLS v1.1 or TLSv1.2 and needs updating. It would be worth checking with the vendor.
@kerryhannah1264 5 years ago
@phr33fall83 Thanks for your response, sir!
@joeyofblades 3 years ago
What's that "sslscan" script? Looks useful.
@phr33fall83 2 years ago
Hi Joey. It comes default on Kali, or you can download it from GitHub - github.com/rbsec/sslscan
@diegoalvarez9918 4 years ago
Awesome video. Is there an easier way to do this? What I mean is, a command script to disable Triple DES instead of manually creating the key and then creating a dword value (enable=0).
@MegaWhiteBeaner 4 years ago
You can create and set the dwords with a script and pass that through to a csv with all the computer names or prompt the user for a computer name. This is pretty basic stuff.
@phr33fall83 2 years ago
There is software called IISCrypto that will take a lot of the manual work out. www.nartac.com/Products/IISCrypto
@sangovan7975 1 year ago
How can I roll back?
@Ian_Butterworth 3 years ago
Rather than disable Diffie-Hellman, wouldn't it be better to set it to use 2048bit instead?
@phr33fall83 2 years ago
Hey Ian. Yeah absolutely. The video was made over 3 years ago specifically for those ciphers :)
@sheeshee5083 1 year ago
How do u do that?
@Ian_Butterworth 1 year ago
@sheeshee5083 I believe if you made a .reg file with the following contents it will force 2048 bit DH.

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\KeyExchangeAlgorithms\Diffie-Hellman]
    "ServerMinKeyBitLength"=dword:00000800
@sheeshee5083 1 year ago
@Ian_Butterworth whoaa thank you!!!
@sheeshee5083 1 year ago
I believe we can also do it by setting jdk.tls.ephemeralDHKeySize to 2048. I'm new to these things, I could be wrong.
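
The manual registry change discussed in the comments above (one key per cipher with a DWORD set to 0), scripted together with a state report and a rollback. This is an added example, not code from the video or from any commenter. The cipher subkey names and the `Enabled` value name are the standard SCHANNEL ones and are assumed to match what the video sets; the function names are hypothetical.

```powershell
# Added example. Run from an elevated PowerShell session; reboot afterwards.
$Base = 'SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL'
# Assumed targets: the standard SCHANNEL subkey names for RC4 and Triple DES,
# plus the Diffie-Hellman key exchange key quoted in the thread.
$Targets = @(
    'Ciphers\RC4 128/128', 'Ciphers\RC4 64/128', 'Ciphers\RC4 56/128',
    'Ciphers\RC4 40/128', 'Ciphers\Triple DES 168',
    'KeyExchangeAlgorithms\Diffie-Hellman'
)

function Set-SchannelEnabled {
    param([Parameter(Mandatory)][string]$SubPath, [int]$Value = 0, [switch]$Reset)
    # The .NET registry API is used on purpose: the PowerShell registry
    # provider treats the "/" in "RC4 128/128" as a path separator and would
    # create a nested "RC4 128\128" key instead of the key SCHANNEL reads.
    $key = [Microsoft.Win32.Registry]::LocalMachine.CreateSubKey("$Base\$SubPath")
    try {
        if ($Reset) {
            $key.DeleteValue('Enabled', $false)   # rollback: back to the OS default
        } else {
            $key.SetValue('Enabled', $Value, [Microsoft.Win32.RegistryValueKind]::DWord)
        }
    } finally { $key.Close() }
}

function Get-SchannelState {
    # Report what the registry currently says for each target key.
    foreach ($sub in $Targets) {
        $key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey("$Base\$sub")
        $val = $null
        if ($key) { $val = $key.GetValue('Enabled'); $key.Close() }
        [pscustomobject]@{
            Key     = $sub
            Enabled = $(if ($null -eq $val) { 'not set (OS default)' } else { $val })
        }
    }
}

function Disable-WeakSchannel { $Targets | ForEach-Object { Set-SchannelEnabled -SubPath $_ -Value 0 } }
function Restore-SchannelDefault { $Targets | ForEach-Object { Set-SchannelEnabled -SubPath $_ -Reset } }

# Usage:
#   Get-SchannelState | Format-Table -AutoSize   # before
#   Disable-WeakSchannel                         # then reboot
#   Restore-SchannelDefault                      # undo, then reboot
```

`Get-SchannelState` shows registry overrides only; a scan with a tool such as sslscan, mentioned in the thread, confirms what the server actually negotiates after the reboot.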