How to log or audit for any weak cyphers, encryption, or hashes in use?

EnterpriseArchitect 4,916 Reputation points
2024-06-06T08:05:15.2366667+00:00

How can I activate or run an audit on my Windows Server 2016, 2019, and 2022 Application, Web, and Database servers to verify if any weak cyphers, encryption, or hashes are in use?

I'm about to apply the following enforcement using the Group Policy Registry.

Disabling Weak Ciphers
	'RC4 40/128', 'RC4 56/128', 'RC4 64/128', 'RC4 128/128', 
	'RC2 40/128', 'RC2 56/128', 'RC2 128/128', 
	'DES 56/56', 
	'Triple DES 168'

Disabling Weak Encryption
	SSL 2.0 and 3.0
	TLS 1.0 and TLS 1.1
	
Disabling WDigest credentials caching

Only allowing secure encryption:
	TLS 1.2 and TLS 1.3

Only allowing secure Ciphers:
	'AES 128/128', 'AES 256/256'

Only allowing secure Hash:
	'MD5',
	'SHA', 'SHA256', 'SHA384', 'SHA512'

Thank you so much for your attention and participation.

.NET
.NET
Microsoft Technologies based on the .NET software framework.
3,521 questions
ASP.NET Core
ASP.NET Core
A set of technologies in the .NET Framework for building web applications and XML web services.
4,281 questions
Windows Server
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
12,403 questions
Windows Server Security
Windows Server Security
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
1,760 questions
PowerShell
PowerShell
A family of Microsoft task automation and configuration management frameworks consisting of a command-line shell and associated scripting language.
2,216 questions
0 comments No comments
{count} votes