Use of the RC4 cipher in TLS could allow an attacker to perform man-in-the-middle attacks and recover plaintext from encrypted sessions. Applications that target .NET version 4.x running on multiple Windows versions could be vulnerable to these types of attacks. The registry settings in this requirement prevent .NET applications that target the 4.x framework from selecting and using the Schannel.dll RC4 cipher for TLS connections.

Applications that use TLS when connecting to remote systems perform a handshake and negotiate the TLS version and cipher to be used between the client and the server. This is standard behavior for all TLS connections. If the server and client are not configured to use the same TLS version and cipher, the TLS connection may fail. Test applications with these registry settings before implementing the fix in production to avoid application outages.
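One way to carry out the pre-production test described above is to record what a .NET Framework 4.x client actually negotiates with each server the application depends on, before and after the change. The following is an added example, not part of the STIG text; the function name Test-NegotiatedCipher and the host name are hypothetical, and it assumes Windows PowerShell 5.1, which runs on .NET Framework 4.x.

```powershell
# Added example: report the TLS version and cipher negotiated by a
# .NET Framework 4.x client. Test-NegotiatedCipher is a hypothetical helper name.
function Test-NegotiatedCipher {
    param(
        [Parameter(Mandatory)][string]$TargetHost,   # server the application connects to
        [int]$Port = 443
    )
    $tcp = New-Object System.Net.Sockets.TcpClient
    $ssl = $null
    # Result shape is the same for success and failure so runs can be compared.
    $result = [ordered]@{
        Host = $TargetHost; Port = $Port
        Protocol = $null; Cipher = $null; StrengthBits = $null
        UsesRc4 = $null; Error = $null
    }
    try {
        $tcp.Connect($TargetHost, $Port)
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false)
        # No protocol or cipher is requested explicitly, so the framework
        # and Schannel defaults in effect on this machine decide the outcome.
        $ssl.AuthenticateAsClient($TargetHost)
        $result.Protocol     = $ssl.SslProtocol
        $result.Cipher       = $ssl.CipherAlgorithm
        $result.StrengthBits = $ssl.CipherStrength
        $result.UsesRc4      = ($ssl.CipherAlgorithm -eq
            [System.Security.Authentication.CipherAlgorithmType]::Rc4)
    }
    catch {
        # A failed handshake is the outage case: client and server share no
        # acceptable TLS version/cipher (certificate errors also land here).
        $result.Error = $_.Exception.GetBaseException().Message
    }
    finally {
        if ($ssl) { $ssl.Dispose() }
        $tcp.Close()
    }
    [pscustomobject]$result
}

# Usage (placeholder host name, replace with a server the application uses):
# Test-NegotiatedCipher -TargetHost 'server.example.test' | Format-List
```

A result with UsesRc4 set to True means the client is still selecting RC4; a populated Error after the settings are applied identifies a server that needs its cipher configuration updated before the fix goes to production.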

MS DotNet Framework 4 STIG
  • Microsoft DotNet Framework 4.0 STIG
    • 1. I - Mission Critical Classified
    • 2. I - Mission Critical Public
    • 3. I - Mission Critical Sensitive
    • 4. II - Mission Support Classified
    • 5. II - Mission Support Public
    • 6. II - Mission Support Sensitive
    • 7. III - Administrative Classified
    • 8. III - Administrative Public
    • 9. III - Administrative Sensitive
