Disabling the RC4 Cipher

By editing the registry, you can completely disable the RC4 cipher on Windows platforms.

Jan De Clercq

January 23, 2014

1 Min Read
White letters QA on red background

What can we do to limit or exclude the use of the RC4 stream cipher on our Windows platforms? What are the Microsoft recommendations for disabling RC4?

Answer: Microsoft recommends that customers use Transport Layer Security 1.2 (TLS) 1.2 and the more secure Advanced Encryption Standard - Galois/Counter Mode (AES-GCM) cipher as the RC4 alternative. You can find out more information about this recommendation in the TechNet blog "Security Advisory 2868725: Recommendation to disable RC4."

Internet Explorer 11 (IE 11), which is bundled with Windows 8.1, enables TLS 1.2 by default and no longer uses RC4 during the SSL/TLS handshake. More details about this can be found in the MSDN blog "IE11 Automatically Makes Over 40% of the Web More Secure While Making Sure Sites Continue to Work."

Microsoft also released a patch that provides support for the IE 11 and Windows 8.1 RC4 changes on Windows 8, Windows 7, Windows RT, Windows Server 2012, and Windows Server 2008 R2. You can find more information about the patch in the Microsoft Support article "Microsoft security advisory: Update for disabling RC4."

The RC4 cipher can be completely disabled on Windows platforms by setting the "Enabled" (REG_DWORD) entry to value 00000000 in the following registry locations:

Related:Mainframe Technology Is Far From Obsolete

  • HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSecurityProvidersSCHANNELCiphersRC4 128/128

  • HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSecurityProvidersSCHANNELCiphersRC4 40/128

  • HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSecurityProvidersSCHANNELCiphersRC4 56/128

Windows clients that have these registry entries set won't be able to connect to sites that require RC4. Windows servers that have these registry entries set won't be able to service clients that must use RC4.

Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.

You May Also Like