By default, IIS is installed with 2 weak SSL 2.0 ciphersuites that are enabled: SSL2_RC4_128_WITH_MD5 andSSL2_DES_192_EDE3_CBC_WITH_MD5. This can impact the securityof AppScan Enterprise, and the cipher suites should be disabled.
See Also
HOWTO: Disable weak protocols, cipher suites and hashing algorithms on Web Application Proxies, AD FS Servers and Windows Servers running Azure AD Connect - The things that are better left unspokenTLS Cipher Suites in Windows 10 v1803 - Win32 appsmyF5Before you begin
Incorrectly editing the registry may severely damageyoursystem. Before making changes to the registry, you should back upany valued data on your computer.Procedure
- Open theRegistry Editor (Start > Run > regedit).
- Inthe HKEY_LOCAL_MAC HINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers directory:
- Create a new key called RC4 128/128 (Ciphers > New > KeyRC4 128/128).
- Right-click the key's name and create a new DWORD (32-bit)Value called 'Enabled'. (New > DWORD (32-bit) Value > Enabled).
- Leave the default valueas '0'.
- In the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Hashes directory:
- Create a key called MD5 (Hashes > New > Key > MD5).
- Right-clickthe key's name and create a new DWORD (32-bit)Value called 'Enabled'. (New > DWORD (32-bit) Value > Enabled).
- Leave the default valueas '0'.
- Close the RegistryEditor.
