Disable RC4

email me

RC4 was designed in 1987 by Ron Rivest and is one of the most widely software stream cipher and used in popular protocols, such as SSL (protect Internet traffic), WEP (secure wireless networks) and PDF. It’s considered to be fast and simple in terms of software.

RC4 generates a pseudo-random stream of bits (a key-stream). As with any stream cipher, these can be used for encryption by combining it with the plaintext using bit-wise exclusive-or. Decryption is performed the same way (since exclusive-or is a symmetric operation). The reason many software vendors are dropping support for RC4 is due to the growing attack space and available exploits online. Because of these security concerns, Microsoft has also removed browser support for RC4 in IE11 and Edge.

To disable RC4 in your enterprise, create a script that will toggle these reg keys from 1 to 0 (you could use reg.exe to do this).

 
Scripting

reg add “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 128/128” /v “Enabled” /t REG_DWORD /d 0 /f

reg add “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 40/128” /v “Enabled” /t REG_DWORD /d 0 /f

reg add “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 56/128” /v “Enabled” /t REG_DWORD /d 0 /f

 

Save as reg file

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 128/128]
“Enabled”=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 40/128]
“Enabled”=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 56/128]
“Enabled”=dword:00000000

 

Reference

RC4 will no longer be supported in Microsoft Edge and IE11 [Updated]

How to restrict the use of certain cryptographic algorithms and protocols in Schannel.dll

Killing RC4: The Long Goodbye