Windows Server 2008,Windows Server 2008 R2,Windows Server 2012
By default, Diffie-Hellman key exchange is enabled. (Other default configuration settings are such that this algorithm may never be selected.)
The procedures to disable the algorithm are slightly more complex due to differences in the Registry structure.
To disable Diffie-Hellman key exchange:
- Run Regedit
- To access Key Exchange algorithm settings, navigate to the following Registry location:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SChannel\KeyExchangeAlgorithms - Create a new sub key named Diffie-Hellman
- Within the key Diffie-Hellman, create a DWORD value
- Name: Enabled
- Value Data: 0
To re-enable Diffie-Hellman key exchange, set the Hexadecimal value data of "Enabled" to 0xffffffff (or simply delete the "Enabled" value)
0 Kommentare