This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(243.2, 96%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJR%3C/text%3E%3C/svg%3E)
Hello,
I would like to figure out how to remediate CVE-2016-2183. It is the Birthday attacks against TLS ciphers with 64bit (Sweet32)
currently i did the following:
Disable-TlsCipherSuite -Name "TLS_RSA_WITH_3DES_EDE_CBC_SHA" in the regkey "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\Triple DES 168"
However, even after this is ran the vulnerability still exists. What can be done to remediate this CVE.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
The correct way to do this is not through the registry. Use below TlsCipherSuite cmdlet from https://learn.microsoft.com/en-us/powershell/module/tls/disable-tlsciphersuite?view=windowsserver2022-ps&viewFallbackFrom=winserver2012-ps
Disable-TlsCipherSuite -Name 'TLS_RSA_WITH_3DES_EDE_CBC_SHA'
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(272, 4%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMF%3C/text%3E%3C/svg%3E)
The command in this answer worked without any issues. Just remember to run the command in PowerShell as administrator otherwise it will not work.
Hello Jessica Rojas,
Thank you for posting in our Q&A forum.
Is your machine in a workgroup instead of in any domain?
You can restart the machine to see if it helps.
If it does not work, you can disable it by removing it from registry below: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Cryptography\Configuration\Local\SSL\00010002 and then restart the machine.
Similar thread for your reference.
https://learn.microsoft.com/en-us/answers/questions/348323/how-to-disable-3des-and-rc4-on-windows-server-2019
Tip: Please back up registry before you change it.
**
After that, we can run command below to check if it is disabled successfully.
**
Get-TlsCipherSuite -Name 3DES
Hope the information above is helpful. If you have any question or concern, please feel free to let us know.
Best Regards,
Daisy Zhou
==========================================
If the Answer is helpful, please click "Accept Answer" and upvote it.
What if the computer is on a domain instead of workgroup?
Hello Jessica Rojas,
Thank you for your reply.
If your machine is in one domain, the changes you made may be reverted after domain policy refresh, because there may be still such setting in the domain.
Hope the information above is helpful. If you have any question or concern, please feel free to let us know.
Best Regards,
Daisy Zhou
==========================================
If the Answer is helpful, please click "Accept Answer" and upvote it.