Share via

How to log or audit for any weak cyphers, encryption, or hashes in use?

EnterpriseArchitect 6,021 Reputation points
2024-06-06T08:05:15.2366667+00:00

How can I activate or run an audit on my Windows Server 2016, 2019, and 2022 Application, Web, and Database servers to verify if any weak cyphers, encryption, or hashes are in use?

I'm about to apply the following enforcement using the Group Policy Registry.

Disabling Weak Ciphers
	'RC4 40/128', 'RC4 56/128', 'RC4 64/128', 'RC4 128/128', 
	'RC2 40/128', 'RC2 56/128', 'RC2 128/128', 
	'DES 56/56', 
	'Triple DES 168'

Disabling Weak Encryption
	SSL 2.0 and 3.0
	TLS 1.0 and TLS 1.1
	
Disabling WDigest credentials caching

Only allowing secure encryption:
	TLS 1.2 and TLS 1.3

Only allowing secure Ciphers:
	'AES 128/128', 'AES 256/256'

Only allowing secure Hash:
	'MD5',
	'SHA', 'SHA256', 'SHA384', 'SHA512'

Thank you so much for your attention and participation.

.NET
.NET
Microsoft Technologies based on the .NET software framework.
4,103 questions
ASP.NET Core
ASP.NET Core
A set of technologies in the .NET Framework for building web applications and XML web services.
4,815 questions
Windows Server
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
12,693 questions
Windows Server Security
Windows Server Security
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
1,902 questions
PowerShell
PowerShell
A family of Microsoft task automation and configuration management frameworks consisting of a command-line shell and associated scripting language.
2,973 questions
0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.