In a previous article, I talked about how you can solve the Diffie-Hellman warning on Qualys SSLLabs test, by applying a registry configuration.
Now, we’ll talk about another common warning that most AWS EC2 customer can get. By default, we got that security issue from SSLLabs:
This server accepts RC4 cipher, but only with older protocols. Grade capped to B.
Solution
Microsoft proposes a solution for disabling the 3 weak RC4 cipher suites in that article.
You need to create 1 new registry entry. Create an empty text file called rc4fix.reg, and paste that content to it:
Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 128/128] "Enabled"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 40/128] "Enabled"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 56/128] "Enabled"=dword:00000000
Then, double-click on it to apply these settings, an reboot.
Finally, run your SSL test again, that warning disappeared.