During vulnerability assessment activities I frequently run across the advisory that suggests disabling the RC4 cipher suites on the web server of the day. The reasons behind this are explained here: link.
On Windows systems, I came across that vulnerability as applied to the Remote Desktop service. I also read about some people having trouble trying to disable those ciphers, meaning the remediations they used didn't really work. I personally followed this security advisory and it solved the problem.
So basically I just added the following registry key:
- [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 128/128]
- "Enabled"=dword:00000000
As a result, you can look at the TLS handshake before and after the change. It seems that RC4 cipher suites are no longer available.
You can double check with sslscan (sslscan IP:3389 | grep Accepted).