Hello,
I was referred to y'all by the folks at answers.microsoft.com. They said you would be better suited to help me. I asked a question regarding how to remove support for RC4 in Internet Explorer 11 on Windows 7 Professional 32. I read an article on TechNet.Microsoft.com that says I must have update 2868725 installed in order to do this. I do have this update installed. Then I read also on TechNet the following steps to disable RC4:
How to completely disable RC4
Note You must install this security update (2868725) before you make the following registry change to completely disable RC4.
Clients and servers that do not want to use RC4 regardless of the other party’s supported ciphers can disable RC4 cipher suites completely by setting the following registry keys. In this manner, any server or client that is talking to a client or server that
must use RC4 can prevent a connection from occurring. Clients that deploy this setting will be unable to connect to sites that require RC4, and servers that deploy this setting will be unable to service clients that must use RC4.
- [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 128/128]
"Enabled"=dword:00000000 - [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 40/128]
"Enabled"=dword:00000000 - [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 56/128]
"Enabled"=dword:00000000
My problem is that when I went to the registry to adjust these key values, there is nothing under
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers.
There are no ciphers listed at all. The key reads Name (Default) Type (Reg_Sz) Data (Value not set)
The key reads the same for Cipher Suites, Hashes, and Key Exchange Algorithms. This has me concerned.
The key under SCHANNEL is WDigest.
The first entry is in red, Name (default) Type (Reg_Sz) Data (Value not set)
The second entry is in blue. Name Debug Level Type Reg_D_Word Data 00000000 (0)
The third entry is red. Name Digest Encryption Algorithm Type Reg_Sz Data 3des, rc4
The fourth entry is blue, Name Negotiate Type Reg_D_Word Data 00000000 (0)
The fifth entry is blue, Name UTF8 HTTP Type Reg_D_Word Data 00000001 (1)
The sixth entry is blue, Name UTF8 SASL Type Reg_D_Word Data 00000001 (1)
I don't know what to make of this. I would like to remove RC4 but I'm confused by the discrepancy between the instructions provided by TechNet and what I actually se in my registry. I don't trust any sites except Microsoft for advice on how to make adjustments to my computer, and I'm not in the habit of making changes to the registry.
Any advice you can give me would be much appreciated. Thank you.