If you have been reading the blog lately, you know I've been changing configuration settings on my web servers to make my SSL implementation PCI compliant. I even made a video about it on my weekly video podcast Tech Chop. The thing is, I didn't have any Windows 2008 R2 web servers in my environment, but I will pretty soon, so I had to figure out how to apply the same settings in Windows 2008 R2.
In Windows 2003, disabling all weak ciphers (and pretty much every cipher except RC4, to mitigate the BEAST attack) meant making registry changes. In Windows 2008 R2, you do this through Group Policy instead. For this post, I'll just use a local group policy.
- Press WIN + R, type gpedit.msc and click OK
- Navigate to Computer Configuration > Administrative Templates > Network > SSL Configuration Settings
- Open SSL Cipher Suite Order and select the Enabled radio button
- In the Cipher Suites box, paste TLS_RSA_WITH_RC4_128_SHA, then click OK
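To confirm the policy above actually landed on the server, here is an added PowerShell check (my own example, not part of the original post) that reads the registry value the SSL Cipher Suite Order policy writes and compares it, in order, against the list you pasted in. It assumes the policy stores its list under HKLM\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002 in the Functions value, and the expected list is the single suite from the last step.

```powershell
# Added example: verify the "SSL Cipher Suite Order" policy applied.
# Assumption: Group Policy stores the configured list as a comma-separated
# REG_SZ named "Functions" under the key below.
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002'
# The allow-list from the steps above. Note: RC4 was later prohibited for
# TLS by RFC 7465, so treat this list as the post's choice at the time,
# not as current guidance.
$Expected  = @('TLS_RSA_WITH_RC4_128_SHA')

function Get-PolicyCipherSuiteOrder {
    # Returns the suites in the order the policy configured them,
    # or $null if the policy value is not present on this machine.
    $item = Get-ItemProperty -Path $PolicyKey -Name 'Functions' -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return @($item.Functions -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ })
}

function Test-PolicyCipherSuiteOrder {
    param([string[]]$ExpectedSuites)
    $actual = Get-PolicyCipherSuiteOrder
    if ($null -eq $actual) {
        Write-Warning "Policy value not found; run 'gpupdate /force' and re-check the GPO."
        return $false
    }
    # Anything enabled that is not on the allow-list, and anything missing from it.
    $unexpected = @($actual | Where-Object { $ExpectedSuites -notcontains $_ })
    $missing    = @($ExpectedSuites | Where-Object { $actual -notcontains $_ })
    foreach ($s in $unexpected) { Write-Warning "Unexpected suite enabled by policy: $s" }
    foreach ($s in $missing)    { Write-Warning "Expected suite not in policy: $s" }
    # Order matters too: schannel offers suites in the order listed.
    $sameOrder = ($actual -join ',') -eq ($ExpectedSuites -join ',')
    return ($unexpected.Count -eq 0 -and $missing.Count -eq 0 -and $sameOrder)
}

if (Test-PolicyCipherSuiteOrder -ExpectedSuites $Expected) {
    "Cipher suite order matches the policy: $($Expected -join ', ')"
} else {
    'Cipher suite order does NOT match; the policy may not have applied yet.'
}
```

Run it after the policy has refreshed; schannel changes generally need a restart before the new order is actually offered to clients.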