Microsoft KB Archive/216482

= How to control the ciphers for SSL and TLS =

Article ID: 216482

Article Last Modified on 12/3/2007


APPLIES TO


 * Microsoft Internet Information Services 6.0
 * Microsoft Internet Information Services 5.0




This article was previously published under Q216482



Important: This article contains information about how to modify the registry. Make sure to back up the registry before you modify it. Make sure that you know how to restore the registry if a problem occurs. For more information about how to back up, restore, and modify the registry, click the following article number to view the article in the Microsoft Knowledge Base:

256986 Description of the Microsoft Windows registry



SUMMARY
Secure Sockets Layer (SSL) and Transport Layer Security (TLS) can both use different ciphers, depending on the capabilities of the connecting client. By default, all ciphers can be used; however, you can also choose the ciphers you want to allow (for example, only allowing RC4 using 64/128 and Skipjack for Fortezza). Note that changing these values affects ciphers on the entire computer. Internet Explorer, for example, uses the same registry entries to determine the ciphers that are available for use.



MORE INFORMATION
Warning: Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall your operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.

To choose the ciphers you want to allow, perform the following steps:

 1. Click Start, point to Run, and type "Regedt32.exe" (without the quotation marks).
 2. Locate the following registry key:
 3. In the list of available ciphers, select one of the ciphers you do not want to use.
 4. In the right pane, view the "Enabled" value for this entry. The value can be one of the following:
    0xffffffff (enabled)
    0x0 (disabled)
 5. Click Enabled, choose Edit, and then choose Modify.
 6. In the "Edit DWORD Value" window, make sure that the Value is set to Enabled and that the Base Value is set to Hexadecimal. In the Value Data box, delete the previous value and change it to enabled or disabled by entering 0 (zero) for disabled, or "ffffffff" (without the quotation marks) for enabled.
 7. Click OK.
 8. Restart the computer.
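The procedure above, scripted as an added example that is not part of the KB article: it lists every cipher subkey with its "Enabled" value and can set chosen ones to 0x0. The registry key path is missing from this copy of the page, so `$CiphersKey` is a placeholder parameter you must supply; `-Disable` and `Get-CipherState` are names invented for this example.

```powershell
# Added example, not from the KB article. Run elevated when using -Disable.
param(
    # Placeholder: path of the ciphers key relative to HKEY_LOCAL_MACHINE.
    # The article's key is missing from this copy of the page; supply it yourself.
    [Parameter(Mandatory = $true)] [string] $CiphersKey,
    # Hypothetical parameter: names of cipher subkeys to disable (Enabled = 0x0).
    [string[]] $Disable = @()
)

$EnabledValue  = -1   # DWORD 0xffffffff, as the signed Int32 the .NET registry API returns
$DisabledValue = 0    # DWORD 0x0

function Get-CipherState {
    param([Microsoft.Win32.RegistryKey] $Root)
    foreach ($name in $Root.GetSubKeyNames()) {
        $sub = $Root.OpenSubKey($name)   # read-only; .NET takes '/' in a name literally
        try {
            $raw = $sub.GetValue('Enabled', $null)
            $state = if ($null -eq $raw)              { 'no Enabled value (default applies)' }
                     elseif ($raw -isnot [int])       { 'not a DWORD' }
                     elseif ($raw -eq $DisabledValue) { 'disabled' }
                     elseif ($raw -eq $EnabledValue)  { 'enabled' }
                     else                             { 'unexpected value' }
            $hex = if ($raw -is [int]) { '0x{0:x8}' -f $raw } else { '' }
            [pscustomobject]@{ Cipher = $name; Enabled = $hex; State = $state }
        } finally { $sub.Close() }
    }
}

# Open read-only for an audit, writable only when a change was requested.
$writable = $Disable.Count -gt 0
$root = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey($CiphersKey, $writable)
if ($null -eq $root) { throw "Key not found under HKEY_LOCAL_MACHINE: $CiphersKey" }
try {
    foreach ($name in $Disable) {
        $sub = $root.OpenSubKey($name, $true)
        if ($null -eq $sub) { Write-Warning "No cipher subkey named '$name'"; continue }
        try { $sub.SetValue('Enabled', $DisabledValue, [Microsoft.Win32.RegistryValueKind]::DWord) }
        finally { $sub.Close() }
    }
    Get-CipherState -Root $root | Format-Table -AutoSize
} finally { $root.Close() }

if ($writable) { Write-Host 'Restart the computer, as in the last step of the procedure.' }
```

Run it without `-Disable` first to record the current state; because these values apply to the entire computer, the same listing serves as the before-and-after record for a change.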

<div class="references_section">