Disabling weak cipher suites in IIS

By default, IIS is installed with 2 weak SSL 2.0 cipher suites that are enabled: SSL2_RC4_128_WITH_MD5 and SSL2_DES_192_EDE3_CBC_WITH_MD5. This can impact the security of AppScan Enterprise, and the cipher suites should be disabled.

Before you begin

Incorrectly editing the registry may severely damage your system. Before making changes to the registry, you should back up any valued data on your computer.

Procedure

  1. Open the Registry Editor (Start > Run > regedit).
  2. In the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers directory:
    1. Create a new key called RC4 128/128 (Ciphers > New > Key > RC4 128/128).
    2. Right-click the key's name and create a new DWORD (32-bit) Value called 'Enabled'. (New > DWORD (32-bit) Value > Enabled).
    3. Leave the default value as '0'.
  3. In the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Hashes directory:
    1. Create a key called MD5 (Hashes > New > Key > MD5).
    2. Right-click the key's name and create a new DWORD (32-bit) Value called 'Enabled'. (New > DWORD (32-bit) Value > Enabled).
    3. Leave the default value as '0'.
  4. Close the Registry Editor.
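
The same registry changes scripted in PowerShell, as an added example that is not part of the original procedure. It assumes an elevated session, and the backup file location is an assumption. The .NET registry API is used because the key name RC4 128/128 contains a forward slash, which the PowerShell registry provider would interpret as a path separator.

```powershell
# Run from an elevated PowerShell session.
$schannel = 'SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL'

# Back up the SCHANNEL branch before changing anything.
# The backup location is an assumption; point it wherever you keep backups.
$backup = Join-Path $env:TEMP ('schannel-backup-{0:yyyyMMdd-HHmmss}.reg' -f (Get-Date))
& reg.exe export "HKLM\$schannel" $backup /y | Out-Null
if ($LASTEXITCODE -ne 0) { throw 'Registry backup failed; no changes were made.' }

# The two keys named in the procedure.
# New-Item 'HKLM:\...\Ciphers\RC4 128/128' would split the name at the slash
# into 'RC4 128' and '128'; CreateSubKey takes the name literally.
$targets = @(
    "$schannel\Ciphers\RC4 128/128",
    "$schannel\Hashes\MD5"
)

foreach ($path in $targets) {
    # CreateSubKey opens the key if it already exists, so re-running is safe.
    $key = [Microsoft.Win32.Registry]::LocalMachine.CreateSubKey($path)
    try {
        # DWORD (32-bit) value 'Enabled' = 0, as in steps 2 and 3.
        $key.SetValue('Enabled', 0, [Microsoft.Win32.RegistryValueKind]::DWord)
    } finally {
        $key.Close()
    }
}

# Read the values back so a mis-created key shows up immediately.
$results = foreach ($path in $targets) {
    $key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey($path)
    try {
        [pscustomobject]@{
            Key     = "HKLM\$path"
            Enabled = if ($key) { $key.GetValue('Enabled') } else { $null }
        }
    } finally {
        if ($key) { $key.Close() }
    }
}
$results | Format-Table -AutoSize

# A missing key or value reads back as $null and is reported as a failure.
if ($results | Where-Object { $_.Enabled -ne 0 }) {
    throw "One or more keys are missing or not set to 0. Backup saved at $backup"
}
Write-Output "Both keys are set to Enabled = 0. Backup saved at $backup"
```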