none
Does IIS 7 Windows 2008 still support 40-bit SSL connection RRS feed

  • Question

  • Due to some limitations, I will have to enable 40-bit SSL connection to application which is hosted on Windows 2008 Standard x64 through IIS 7.

    I come to know that Windows 2008 has disabled the weak ciphers by default, but could anyone tell me if Windows 2008 still support 40-bit SSL connection, and how to enable it?

    Things that I had tried but 40-bit SSL connection still failed to establish

    1) Unchecked the option "Require 128-bit SSL" for the application's SSL settings in the IIS Manager

    2) Follow the guide that restrict the use of certain crypto algo (http://support.microsoft.com/kb/245030) and set the flag of 0xFFFFFFFF to the following items and restarted the server (I had also tried with flag of 0x1)

       (i) Ciphers\DES56/56

       (ii) Ciphers\NULL

       (iii) Ciphers\RC2 40/128

       (iv) Ciphers\RC2 56/128

       (v) Ciphers\RC4 40/128

       (vi) Ciphers\RC4 56/128

     

    Any ideas? I will be very grateful for all your replies and ideas.

    Friday, December 3, 2010 1:17 AM

All replies

  • We have the same problem...
    Tuesday, April 19, 2011 10:05 AM
  • RC4 and RC2 are the only 2 40 bit ciphers which would allow that 40 bt ssl connnection you are looking for.

     

    I guess only RC4 is supported on Windows server 2008. Also IIS 7 doesn't contain any code which supports SSL. It relies on the underlying OS component Schannel for this.

     

    As metnioned in the above article, To allow this cipher algorithm, change the DWORD value data of the Enabled value to 0xffffffff.

    ========================================

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 40/128]
    "Enabled"=dword:00000000

    ========================================

    Tuesday, October 4, 2011 11:12 PM