AnsweredAssumed Answered

Policy Compliance - Custom Registry Text Value

Question asked by theone2018 on Feb 20, 2019
Latest reply on Feb 21, 2019 by derekv

I have a ticket open with support, but since that may take a while to get an answer I am going to ask here.  I also tried exporting out a pre-configured policy but the value data is cryptic and doesn't help infer what needs to be configured.

 

In Nessus this is very easy, but in Qualys this is more challenging.  What is the correct way to search and verify that all those ciphers in that order are listed?

 

  • Registry Hive: HKLM
  • Registry Key: SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002
  • Registry Name: Functions
  • Date Type: String
  • Operator: Regular Expression
  • Default Value: (What is the correct way to express this value)?

TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA

 

 

I have included a screenshot of what I am trying to grab in case there are other issues wrongs with my criteria.

 

Outcomes