Disable RC4 Cipher Suites on Remote Desktop

12 04 2014

During vulnerability assessment activities I frequently run across the advisory that suggests disabling the RC4 cipher suites on the web server of the day. The reasons behind this are explained here: link.

On Windows systems, I came across that vulnerability applied to the Remote Desktop service. I also read about some people having trouble trying to disable those ciphers, meaning the remediations they used didn't really work. I personally followed this security advisory and it solved the problem.
So basically I just added the following registry key:

  • [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 128/128]
    • "Enabled"=dword:00000000

As a result, you can look at the TLS handshake before and after the change. It seems that RC4 cipher suites are no longer available.

You can double check with sslscan (sslscan IP:3389 | grep Accepted).
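One way to apply and check this key from an elevated PowerShell session (an added example, not from the original post or the advisory; the function names are hypothetical). It goes through the .NET registry API because the PowerShell registry provider treats the "/" in "RC4 128/128" as a path separator and would create a key "RC4 128" with a child "128" instead.

```powershell
# Added example: set the SCHANNEL cipher key named on this page and verify it.
# Function names are hypothetical; run from an elevated session on the host.
$CiphersPath = 'SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers'

function Disable-SchannelCipher {
    param([Parameter(Mandatory)][string]$CipherName)
    # .NET only splits on '\', so the '/' stays part of the key name.
    $key = [Microsoft.Win32.Registry]::LocalMachine.CreateSubKey("$CiphersPath\$CipherName")
    try {
        $key.SetValue('Enabled', 0, [Microsoft.Win32.RegistryValueKind]::DWord)
    } finally {
        $key.Close()
    }
}

function Test-SchannelCipherDisabled {
    param([Parameter(Mandatory)][string]$CipherName)
    $key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey("$CiphersPath\$CipherName")
    if ($null -eq $key) { return $false }
    try {
        $value = $key.GetValue('Enabled', $null)
        return ($null -ne $value) -and
               ($key.GetValueKind('Enabled') -eq [Microsoft.Win32.RegistryValueKind]::DWord) -and
               ($value -eq 0)
    } finally {
        $key.Close()
    }
}

function Find-SplitCipherKey {
    param([Parameter(Mandatory)][string]$CipherName)
    # Detects the failure mode where "RC4 128/128" was created as the nested
    # keys "RC4 128" -> "128", which SCHANNEL does not read as the cipher name.
    $nested = $CipherName -replace '/', '\'
    if ($nested -eq $CipherName) { return $false }
    $key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey("$CiphersPath\$nested")
    if ($null -eq $key) { return $false }
    $key.Close()
    return $true
}

$cipher = 'RC4 128/128'   # the key given in this post
Disable-SchannelCipher -CipherName $cipher
"{0}: disabled={1} split-key-present={2}" -f $cipher,
    (Test-SchannelCipherDisabled -CipherName $cipher),
    (Find-SplitCipherKey -CipherName $cipher)
```

If `split-key-present` is reported as True, an earlier attempt created the nested keys; the sslscan check above remains the test of what the service actually negotiates.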
