Share via

How to log or audit for any weak cyphers, encryption, or hashes in use?

EnterpriseArchitect 6,041 Reputation points
2024-06-06T08:05:15.2366667+00:00

How can I activate or run an audit on my Windows Server 2016, 2019, and 2022 Application, Web, and Database servers to verify if any weak cyphers, encryption, or hashes are in use?

I'm about to apply the following enforcement using the Group Policy Registry.

Disabling Weak Ciphers
	'RC4 40/128', 'RC4 56/128', 'RC4 64/128', 'RC4 128/128', 
	'RC2 40/128', 'RC2 56/128', 'RC2 128/128', 
	'DES 56/56', 
	'Triple DES 168'

Disabling Weak Encryption
	SSL 2.0 and 3.0
	TLS 1.0 and TLS 1.1
	
Disabling WDigest credentials caching

Only allowing secure encryption:
	TLS 1.2 and TLS 1.3

Only allowing secure Ciphers:
	'AES 128/128', 'AES 256/256'

Only allowing secure Hash:
	'MD5',
	'SHA', 'SHA256', 'SHA384', 'SHA512'

Thank you so much for your attention and participation.

Developer technologies | ASP.NET | ASP.NET Core
Windows for business | Windows Server | User experience | PowerShell
Windows for business | Windows Server | User experience | Other
Windows for business | Windows Server | Devices and deployment | Configure application groups
Developer technologies | .NET | Other
0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.