I have a web application that is hosted on Microsoft Azure Web-Role. How can I disable RC4 cipher?
The problem I encountered using a PowerShell script was that the keys that require modifying contain a forward slash, and PowerShell treats this as a path separator and the script fails.
The solution was to create a console application and set that to run at startup:
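    using Microsoft.Win32;

    class Program
    {
        static void Main(string[] args)
        {
            // SCHANNEL cipher subkeys, one per RC4 key length.
            string[] subKeys = new string[]
            {
                "RC4 40/128",
                "RC4 56/128",
                "RC4 64/128",
                "RC4 128/128",
            };

            // Open the Ciphers key with write access (second argument).
            RegistryKey parentKey = Registry.LocalMachine.OpenSubKey(
                @"SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers", true);

            foreach (string keyName in subKeys)
            {
                // CreateSubKey opens the key if it already exists.
                // Enabled = 0 (stored as a DWORD) disables the cipher.
                var newKey = parentKey.CreateSubKey(keyName);
                newKey.SetValue("Enabled", 0);
                newKey.Close();
            }
            parentKey.Close();
        }
    }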
Copy the output file (DisableRc4.exe in my case) to the root of the webrole and set to Copy Always.
Create a file DisableRc4.cmd containing:

    .\DisableRc4.exe
    EXIT /B 0

Update ServiceDefinition.csdef for your web role as follows
I verified RC4 support was removed using https://www.ssllabs.com/ssltest/index.html
Before startup modified
After
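
The same registry change made directly from PowerShell, as an added example that is not part of the original answer: it goes through the .NET `RegistryKey` API so the `/` in the key names is never parsed as a provider path separator, then reads the values back. The function names `Disable-Rc4Cipher` and `Test-Rc4Disabled` are hypothetical, and an elevated session is assumed.

```powershell
# Added example: disable the RC4 SCHANNEL ciphers from PowerShell.
# Key names such as 'RC4 40/128' contain '/', which the registry provider
# (New-Item, Set-ItemProperty) treats as a path separator, so the subkeys
# are created through the .NET RegistryKey API instead.
$ErrorActionPreference = 'Stop'

$ciphersPath = 'SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers'
$rc4Keys = 'RC4 40/128', 'RC4 56/128', 'RC4 64/128', 'RC4 128/128'

function Disable-Rc4Cipher {
    # Hypothetical helper name. Writing under HKLM\SYSTEM needs elevation.
    $parent = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey($ciphersPath, $true)
    if ($null -eq $parent) { throw "Cannot open HKLM\$ciphersPath for writing" }
    try {
        foreach ($name in $rc4Keys) {
            # CreateSubKey takes the name literally, slash included.
            $key = $parent.CreateSubKey($name)
            try {
                $key.SetValue('Enabled', 0, [Microsoft.Win32.RegistryValueKind]::DWord)
            } finally { $key.Close() }
        }
    } finally { $parent.Close() }
}

function Test-Rc4Disabled {
    # Hypothetical helper name. Returns $true only if every RC4 key
    # exists and has Enabled = 0.
    $parent = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey($ciphersPath, $false)
    if ($null -eq $parent) { return $false }
    try {
        foreach ($name in $rc4Keys) {
            $key = $parent.OpenSubKey($name)
            if ($null -eq $key) { return $false }
            try {
                $value = $key.GetValue('Enabled')
                if ($null -eq $value -or [int]$value -ne 0) { return $false }
            } finally { $key.Close() }
        }
        return $true
    } finally { $parent.Close() }
}

Disable-Rc4Cipher
if (-not (Test-Rc4Disabled)) { throw 'RC4 is still enabled in SCHANNEL' }
Write-Output 'RC4 cipher keys are present with Enabled = 0.'
```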