Audit Square Advisory

Table of contents:

How disable “weak crypto” in MS IIS?

Permanent link:

https://auditsquare.com/advisory/windows/iis-disable-weak-crypto

What is considered a “weak crypto”?

In general you should avoid:

  • SSL protocol version v2, v3 and PCT v1
  • Symmetric ciphers with keys shorter than 128bit (also known as export ciphers)
  • Weak ciphers - like RC2, RC4
  • Weak hash functions - like MD5

Why is it a security issue?

Especially SSL/TLS has not been having a good time lately. You have probably heard of well-known vulnerabilities like Heartbleed, BEAST, CRIME, POODLE, FREAK or Logjam attack.

How to fix it?

All the following changes are made via regedit (as Administrator). In the end you will need to restart the server.

Disable SSLv2

  • go to HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server; create the key if it does not exist
  • set DWORD value Enabled to 0 (or create the value if it does not exist)
  • make sure that DWORD value DisabledByDefault (if exists) is set it to 1
  • it is also advisable to disable SSLv2 for client authentication: repeat the above steps for the key HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Client

Disable SSLv3:

  • go to HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server; create the key if it does not exist
  • make sure that DWORD value Enabled exists and is set it to 0
  • make sure that DWORD value DisabledByDefault (if exists) is set it to 1
  • it is also advisable to disable SSLv3 for client authentication: repeat the above steps for the key HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Client

Disable PCTv1 (only Windows 2003 or lower; PCT is not supported on Windows 2008 and newer)

  • go to HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\PCT 1.0\Server; create the key if it does not exist
  • set DWORD value Enabled to 0 (or create the value if it does not exist)
  • make sure that DWORD value DisabledByDefault (if exists) is set it to 1

Make sure that only TLS 1.0, TLS 1.1 and TLS 1.2 are enabled

TLS 1.0

  • go to HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server; create the key if it does not exist
  • make sure that DWORD value Enabled exists and is set it to 1
  • make sure that DWORD value DisabledByDefault (if exists) is set it to 0

TLS 1.1 (requires Windows 7, Windows 2008 R2 or higher):

  • go to HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server; create the key if it does not exist
  • make sure that DWORD value Enabled exists and is set it to 1
  • make sure that DWORD value DisabledByDefault (if exists) is set it to 0

TLS 1.2 (requires Windows 7, Windows 2008 R2 or higher):

  • go to HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server; create the key if it does not exist
  • make sure that DWORD value Enabled exists and is set it to 1
  • make sure that DWORD value DisabledByDefault (if exists) is set it to 0

Disable export ciphers, NULL ciphers, RC2 and RC4

  • go to HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\NULL and set DWORD value Enabled to 0.
  • go to HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\DES 56/56 and set DWORD value Enabled to 0.
  • go to HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC2 40/128 and set DWORD value Enabled to 0.
  • go to HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC2 56/128 and set DWORD value Enabled to 0.
  • go to HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC2 128/128 and set DWORD value Enabled to 0.
  • go to HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 40/128 and set DWORD value Enabled to 0.
  • go to HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 56/128 and set DWORD value Enabled to 0.
  • go to HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 64/128 and set DWORD value Enabled to 0.
  • go to HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 128/128 and set DWORD value Enabled to 0.

If any of the above-mentioned registry keys and/or Enabled vales do not exist, create them.

Completely disable MD5 hash function

  • go to HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Hashes\MD5 (create the key if it does not exist) and set DWORD value Enabled to 0 (or create the value if it does not exist).

Force server not to respond to renegotiation requests from client

Make sure you have installed a hotfix for MS10-049 see http://support.microsoft.com/kb/980436 (Windows XP, 2003, 7, Vista, 2008, 2008r2)

  • go to HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL
  • create DWORD value AllowInsecureRenegoClients and set it to 0
  • create DWORD value AllowInsecureRenegoServers and set it to 0
  • create DWORD value DisableRenegoOnServer and set it to 1
  • create DWORD value UseScsvForTls and set it to 1 (Win XP, 2003, Vista and 2008)

Setup SSL cipher suite via Group Policy (IIS7 or higher)

  • start gpedit.msc (as Administrator)
  • go to Computer Configuration ›› Admin Templates ›› Network ›› SSL Configuration Settings ›› SSL Cipher Suite Order
  • set to this value (really this long string without spaces): TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P521,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P384,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P521,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P521,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_P384,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_P521,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P521,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P521,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P521,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P521,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P384,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P521,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P384,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P521,TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,TLS_DHE_DSS_WITH_AES_256_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_3DES_EDE_CBC_SHA

Here is the same list one item per line:

TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P256
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P384
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P521
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P256
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P384
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P521
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P384
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P521
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_P384
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_P521
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P384
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P521
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P521
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P384
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P521
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P521
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P256
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P384
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P521
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P256
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P384
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P521
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
TLS_DHE_DSS_WITH_AES_256_CBC_SHA
TLS_DHE_DSS_WITH_AES_128_CBC_SHA
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA256
TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA (Windows XP with IE8 needs this cipher suite)

IMPORTANT: put TLS_ECDHE_.. on the top to asure SSL Perfect Forward Secrecy and to prevent Longjam attack.

Avoid .._NULL_.., .._MD5, .._RC4_..