Hello all.
It's been a while since I've had the pleasure of participating on the Tek-tips website; however, I've run into something that is a bit of a bother...
As you can see below, I have taken a few clips from the registry (W2k) to give a little more information about what's going on:
-------------
Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC2 40/128
Class Name: <NO CLASS>
Last Write Time: 2/16/2009 - 10:35 AM
Value 0
Name: Enabled
Type: REG_DWORD
Data: 0x0
Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 40/128
Class Name: <NO CLASS>
Last Write Time: 2/16/2009 - 10:35 AM
Value 0
Name: Enabled
Type: REG_DWORD
Data: 0x0
And as a test, disabled MD5 altogether:
Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Hashes\MD5
Class Name: <NO CLASS>
Last Write Time: 2/16/2009 - 3:19 PM
Value 0
Name: Enabled
Type: REG_DWORD
Data: 0x0
-----------
As is apparent, the RC2 and RC4 40-bit ciphers are disabled. The problem lies with when I do a scan on the server utilizing several different techniques (from third party to scanning using SSLDigger). It shows that the two 40-bit export protocols are enabled, EXP-RC2-CBC-MD5 & EXP-RC4-MD5.
The question I have is wouldn't these ciphers (EXP-RC2-CBC-MD5 & EXP-RC4-MD5) be tied in with the rest of them? There are no other 40-bit ciphers mentioned in the registry under schannel but the two above that are disabled. I know that unless a cipher is specifically disabled, it is enabled for the system to utilize. So if the 40-bit ciphers are disabled, and I see no record anywhere else of the two ciphers in question having different reg keys, shouldn't they in theory be disabled?
I look forward to the responses. I have included an attached file containing the schannel data in whole for perusal.
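An added example, not part of the original post: a Python check that parses a registry dump in the layout quoted above and lists, for each suite a scanner reports as offered, the SCHANNEL entries that are set to disabled. The suite-to-subkey mapping, the `RC4 128/128` and `Hashes\SHA` entries, and the sample dump are assumptions constructed for the illustration.

```python
import re

# Constructed sample in the regedit text-export layout quoted in the post.
# The "RC4 128/128" entry is added here so one cipher is explicitly enabled.
SAMPLE_DUMP = r"""
Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC2 40/128
Class Name: <NO CLASS>
Value 0
Name: Enabled
Type: REG_DWORD
Data: 0x0
Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 40/128
Name: Enabled
Data: 0x0
Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 128/128
Name: Enabled
Data: 0xffffffff
Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Hashes\MD5
Name: Enabled
Data: 0x0
"""

# Assumed mapping from scanner (OpenSSL-style) suite names to SCHANNEL subkeys.
SUITE_DEPENDS = {
    "EXP-RC2-CBC-MD5": [r"Ciphers\RC2 40/128", r"Hashes\MD5"],
    "EXP-RC4-MD5": [r"Ciphers\RC4 40/128", r"Hashes\MD5"],
    "RC4-SHA": [r"Ciphers\RC4 128/128", r"Hashes\SHA"],
}

def parse_dump(text):
    """Map each SCHANNEL subkey in the dump to the integer in its Enabled value."""
    state, key, name = {}, None, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("Key Name:"):
            m = re.search(r"\\SCHANNEL\\(.+)$", line)
            key, name = (m.group(1) if m else None), None
        elif line.startswith("Name:"):
            name = line.split(":", 1)[1].strip()
        elif line.startswith("Data:") and key and name == "Enabled":
            state[key] = int(line.split(":", 1)[1].strip(), 16)
    return state

def audit(dump_text, scanner_offered):
    """For each suite the scanner saw, list the registry entries that are set to 0."""
    state = parse_dump(dump_text)
    # A subkey missing from the dump counts as enabled, as the post notes.
    return {suite: [k for k in SUITE_DEPENDS.get(suite, []) if state.get(k, 1) == 0]
            for suite in scanner_offered}
```

A suite that comes back with a non-empty list is one the scanner saw offered even though the dump marks those entries as disabled, which is the mismatch described in the post.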