Skip to main content

Remediation Steps

Follow the steps below to remediate this finding on Microsoft IIS webserver.

  1. Use IIS Crypto (free tool) to disable anonymous (NULL) cipher suites.

  2. Open IIS Crypto, select the "Best Practices" template or manually uncheck all cipher suites containing "ANON" or "NULL".

  3. Click Apply and reboot the server.

  4. Alternatively, disable the ciphers via the registry:

  5. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers

  6. Create a key for each anonymous cipher and set Enabled to 0.

Back to top