Disable CBC mode cipher encryption, and enable CTR or GCM cipher mode encryption & disable MD5 and 96-bit MAC algorithms - Windows 2008 Std SP2

Friends,

We have received a vulnerability scan report for our WS_FTP server, and it suggested the actions below.

1. SSH Server CBC Mode Ciphers Enabled - Disable CBC mode cipher encryption, and enable CTR or GCM cipher mode encryption.

The following client-to-server Cipher Block Chaining (CBC) algorithms
are supported :
3des-cbc
aes128-cbc
aes192-cbc
aes256-cbc
blowfish-cbc

The following server-to-client Cipher Block Chaining (CBC) algorithms
are supported :
3des-cbc
aes128-cbc
aes192-cbc
aes256-cbc
blowfish-cbc
cast128-cbc

2. SSH Weak MAC Algorithms Enabled - Disable MD5 and 96-bit MAC algorithms

The following client-to-server Message Authentication Code (MAC) algorithms are supported :
hmac-md5
hmac-md5-96
hmac-sha1-96
The following server-to-client Message Authentication Code (MAC) algorithms are supported :
hmac-md5
hmac-md5-96
hmac-sha1-96

No proper steps or instructions are available on the Internet regarding these two points. Could you please suggest...

Regards,

SH,


August 31st, 2015 1:08am

Hi,

To disable a certain cipher suite in SCHANNEL, we may edit the registry below:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\CipherSuites]

For detailed procedure, please refer to the link below:

https://support.microsoft.com/en-us/kb/245030

Best Regards.

September 6th, 2015 10:01pm

This topic is archived. No further replies will be accepted.
