AnsweredAssumed Answered

Disabling 3DES

Question asked by adamc on May 30, 2018
Latest reply on Jun 25, 2018 by adamc

I am working to disable 3DES in our enterprise.  Right now we have pushed out a GPO to disable 3DES on Windows servers via documentation by Microsoft (https://support.microsoft.com/en-us/help/245030/how-to-restrict-the-use-of-certain-cryptographic-algorithms-and-protoc).  Prior to setting the registry key, we were seeing detection's over ports 3389 and 443.  After setting the registry key, detection's for 3389 and 443 are no longer detected.

 

Additional scans of some servers, focusing on web servers, we found no detection of 3DES for port 443 and 3389, however, the assigned port for the web service was detected with 3DES.  I followed this up with a test using nmap and confirmed this to be true.

 

For Windows OS, I was under the impression that configuring the regkey in SCHANNEL would disable 3DES entirely.  Is anyone seeing similar instances or found a working solution?

Outcomes