On the Symantec SPE server, vulnerability CVE-2016-2183 has been identified and the suggested solution is to disable RC4 and 3DES, is it possible to disable these protocols on the server without disruption or malfunctioning between the proxy and this server? if yes, how to disable them?
Release : 8.2.2
1. To disable RC4 and 3DES, In the Command Prompt, type regedit and press Enter, remove HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Cryptography\Configuration\Local\SSL\00010002, and then restart the server.
2. However, Vulnerability CVE-2016-2183 refers to OpenSSL implementation of SSLv2 protocol and SPE SPE does not support SSLv2 protocol for UI communication which is an older and insecure version of SSL/TLS protocol. Is Symantec Protection Engine (SPE) for CS/NAS affected by CVE-2016-0800 (DROWN) vulnerability?
Note:
For more information, reach out to Microsoft Support for any further questions.