If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
|
Thread Tools | Rate Thread | Display Modes |
#16
|
|||
|
|||
How do I disable 3DES?
On 02/04/2017 03:40 PM, Java Jive wrote:
That may be so, but it's a security hole nonetheless. Ping me if you want my notes on how to harden it. And by the way, a bazillions times more secure than a web browser. |
Ads |
#17
|
|||
|
|||
How do I disable 3DES?
On 02/01/2017 01:01 AM, T wrote:
https://www.nartac.com/Products/IISCrypto https://www.nartac.com/Blog/post/201...-updated1.aspx nartac doesn't run on W7. It is a server only product. I take that back. IISCrypto does operate on W7, even though their web site says it only works on server products. With it you can easily disable protocols, including 3DES. But.. disabling 3DES kill Remote Desktop (or I haven't figured a way around it yet). -T |
#18
|
|||
|
|||
How do I disable 3DES?
On 01/30/2017 10:29 PM, T wrote:
How do I disable 3DES on w7-pro? Got is figured out. This breaks rdesktop-1.8.3 but works with mstsc.exe, so ... Here are my notes: How to disable 3DES (Sugar32 exploit) in Windows 7 (possibly other versions): 1) Registry: REGEDIT4 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SecurityProviders\SCHANNEL\Ciphers\Triple DES 168] "Enabled"=dword:00000000 Note: most easily done with IISCrypto.exe: https://www.nartac.com/Products/IISCrypto/Download 2) gpedit.msc -- Computer Configuration -- Policies -- Administrative Templates -- Windows Components -- Remote Desktop Services -- Remote Desktop Session Host -- Security Specific security layer for remote (rdp) connections set to "enabled" set "Security Layer" to "RDP" Require secure RCP commications set to "enabled" 3) reboot: shutdown /r /f /t 00 How to test for 3DES (Sugar32): nmap -p xxxx -Pn --script +ssl-enum-ciphers aaa.bbb.ccc.ddd --script ssl-cert |
|
Thread Tools | |
Display Modes | Rate This Thread |
|
|