CVE-2016-2183 remediation

CVE-2016-2183: SSL/TLS: Report Vulnerable Cipher Suites for HTTPS

This vulnerability can be remediated using group policy.

  • Computer Configuration > Administrative Templates > Network > SSL Configuration Settings
    • In SSL Cipher Suite Order, enable the policy if it is not already enabled
    • Delete:
      • TLS_RSA_WITH_3DES_EDE_CBC_SHA
      • TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
  • Quit Group Policy and restart server.

Using PowerShell

  • Get-TlsCipherSuite -Name DES
  • Disable-TlsCipherSuite -Name TLS_RSA_WITH_3DES_EDE_CBC_SHA
  • Run Get-TlsCipherSuite -Name DES again to verify
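
The three steps above as one script that covers both suites listed in the Group Policy section. This is an added example, not part of the original note; it assumes an elevated session on a Windows version that ships the TLS module cmdlets, and the variable names are illustrative.

```powershell
#Requires -RunAsAdministrator
# Added example: disable the 3DES suites named on this page, then verify.
# Assumption: Get-TlsCipherSuite / Disable-TlsCipherSuite (TLS module) are available.

# The two suites this page removes from the SSL Cipher Suite Order policy.
$targets = @(
    'TLS_RSA_WITH_3DES_EDE_CBC_SHA',
    'TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA'
)

# -Name matches on a partial string, so '3DES' returns every enabled 3DES suite.
$enabled = @(Get-TlsCipherSuite -Name '3DES' | Select-Object -ExpandProperty Name)

foreach ($name in $targets) {
    if ($enabled -contains $name) {
        Disable-TlsCipherSuite -Name $name
        Write-Output "Disabled: $name"
    }
    else {
        # Not every Windows build enables both suites; skip instead of erroring.
        Write-Output "Not enabled, skipped: $name"
    }
}

# Verification: list whatever 3DES suites are still enabled after the change.
$remaining = @(Get-TlsCipherSuite -Name '3DES' | Select-Object -ExpandProperty Name)

if ($remaining.Count -eq 0) {
    Write-Output 'No 3DES cipher suites remain enabled.'
}
else {
    Write-Warning 'Still enabled:'
    $remaining | ForEach-Object { Write-Warning "  $_" }
}
```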

Reference: NIST 
