1.7.12 Configure AES 128/128 Cipher Suite

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

This item is Not Scored for the following reasons: Enabling AES 256/256 is recommended. This cipher does not suffer from known practical attacks.

Solution

to enable aes 128/128, ensure the following key is set to 0xffffffff: hklm\system\currentcontrolset\control\securityproviders\schannel\ciphers\aes 128/128\enabled

See Also

https://benchmarks.cisecurity.org/tools2/iis/CIS_Microsoft_IIS_7_Benchmark_v1.7.1.pdf

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-8

Plugin: Windows

Control ID: 0be631fca33f7d68094b4e4427cc12c0efff581abdadf3f12c2feb9a49ba09e4