CVE-2016-2183: SSL/TLS: Report Vulnerable Cipher Suites for HTTPS
This vulnerability can be remediated using group policy.
- Computer Configuration > Administrative Templates > Network > SSL Configuration Settings
- In SSL Cipher Suite Order, enable policy if it is not enable
- Delete:
- TLS_RSA_WITH_3DES_EDE_CBC_SHA
- TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
- Quit Group Policy and restart server.
Using Powershell
- Get-TlsCipherSuite -Name DES
- Disable-TlsCipherSuite -Name TLS_RSA_WITH_3DES_EDE_CBC_SHA
- Get-TlsCipherSuite -Name DES to verify
Reference: NISTÂ