Disable insecure "RC4" ciphers
Apply Now
Works with Windows 10 and 11Works with Windows Vista, XP, 7, 8, 10, 11, and Windows Server 2008 or newer.
- Windows onlyThis script improves your privacy on Windows
- Single actionThis page belongs to a script, containing basic changes to achieve a task.
- Impact: Medium
System Functionality / Data Loss Risk: Moderate
This action improves privacy with minimal impact when you run the recommended script.
This action improves privacy with some impact when you run the recommended script. - Batch (batchfile)These changes use Windows system commands to update your settings.
- Administrator rights requiredThis script requires privilege access to do the system changes
- Fully reversible
You can fully restore this action (revert back to the original behavior) using this website.
The restore/revert methods provided here can help you fix issues.
Overview
This script disables the RC4 ciphers.
This script only affects the SSL/TLS handshake process. The SSL/TLS handshake is a key part of establishing a secure connection over the internet. By disabling this weak algorithm, the script improves the security of the connection.
Authorities like Microsoft 1 2 3 4 5, NIST (FIPS) 6, CIS 7, Federal Office for Information Security (BSI) 8, OWASP 9, and NSA (National Security Agency) 10 classify this algorithm as weak and recommend against its use.
This script disables these cipher algorithms:
RC4 128/1281 6 7 8 (128-bit RC4 6):- Enabled by default 6 7.
- Disabling it disallows the following cipher suites:
RC4 64/1282 6 7 8 (64-bit RC4 6):- Enabled by default 6.
- Disabling it affects the functionality of the **Microsoft Money application 6.
RC4 56/1283 6 7 8 (56-bit RC4 6):- Enabled by default 6.
- Disabling it disallows the following cipher suites:
RC4 40/1284 6 7 8 (40-bit RC4 6):- Enabled by default 6.
- Disabling this algorithm will disallow the following cipher suites:
Caution
This may cause compatibility issues with older devices or software.
Use with Caution
This script is only recommended if you understand its implications.
Some non-critical or features may no longer function correctly after running this script.
This script can be fully reversed to restore changes if something goes wrong.
Sources
PrivacyLearn.com maintains strict sourcing standards for accuracy, integrity and up-to-date content. Our content relies on authoritative sources including vendor documentation, industry standards, and verified research. Learn more about our verification process and quality standards in our editorial standards page.
- RC4 128/128. admx.help. (2024).
Original: https://admx.help
Archived: https://web.archive.org/web/20240421101752/https://admx.help/?Category=Schannel&Policy=JMU.Policies.Schannel::RC4_128 - RC4 64/128. admx.help. (2024).
Original: https://admx.help
Archived: https://web.archive.org/web/20240421101700/https://admx.help/?Category=Schannel&Policy=JMU.Policies.Schannel::RC4_64 - RC4 56/128. admx.help. (2024).
Original: https://admx.help
Archived: https://web.archive.org/web/20240421101714/https://admx.help/?Category=Schannel&Policy=JMU.Policies.Schannel::RC4_56 - RC4 40/128. admx.help. (2024).
Original: https://admx.help
Archived: https://web.archive.org/web/20240421101730/https://admx.help/?Category=Schannel&Policy=JMU.Policies.Schannel::RC4_40 - Security Advisory 2868725: Recommendation to disable RC4 - Security Research & Defense - Site Home - TechNet Blogs. (2015).
Original: http://blogs.technet.com/b/srd/archive/2013/11/12/security-advisory-2868725-recommendation-to-disable-rc4.aspx
Archived: https://web.archive.org/web/20150315105026/http://blogs.technet.com/b/srd/archive/2013/11/12/security-advisory-2868725-recommendation-to-disable-rc4.aspx - Restrict cryptographic algorithms and protocols - Windows Server. Microsoft Learn. learn.microsoft.com. (2024).
Original: https://learn.microsoft.com/en-us/troubleshoot/windows-server/certificates-and-public-key-infrastructure-pki/restrict-cryptographic-algorithms-protocols-schannel
Archived: https://web.archive.org/web/20240420183152/https://learn.microsoft.com/en-us/troubleshoot/windows-server/certificates-and-public-key-infrastructure-pki/restrict-cryptographic-algorithms-protocols-schannel - CIS Microsoft IIS 8 Benchmark v1.4.0. paper.bobylive.com. (2024).
Original: https://paper.bobylive.com/Security/CIS/CIS_Microsoft_IIS_8_Benchmark_v1_4_0.pdf
Archived: https://web.archive.org/web/20240421101142/https://paper.bobylive.com/Security/CIS/CIS_Microsoft_IIS_8_Benchmark_v1_4_0.pdf - Hilfsmittel zur Umsetzung von Anforderungen des IT Grundschutzes für Windows 10. Bundesamt für Sicherheit in der Informationstechnik. bsi.bund.de. (2024).
Original: https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Grundschutz/Hilfsmittel/Hilfsmittel_Anforderungen_des_IT_Grundschutzes_fuer_Windows_10.pdf
Archived: https://web.archive.org/web/20240402183249/https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Grundschutz/Hilfsmittel/Hilfsmittel_Anforderungen_des_IT_Grundschutzes_fuer_Windows_10.pdf?__blob=publicationFile&v=2 - WSTG - v4.2. OWASP Foundation. owasp.org. (2024).
Original: https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography/04-Testing_for_Weak_Encryption.html
Archived: https://web.archive.org/web/20240421101557/https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography/04-Testing_for_Weak_Encryption.html - Eliminating Obsolete Transport Layer Security (TLS) Protocol Configurations. National Security Agency. Cybersecurity Information. media.defense.gov. (2024).
Original: https://media.defense.gov/2021/Jan/05/2002560140/-1/-1/0/ELIMINATING_OBSOLETE_TLS_UOO197443-20.PDF
Archived: https://web.archive.org/web/20240429194121/https://media.defense.gov/2021/Jan/05/2002560140/-1/-1/0/ELIMINATING_OBSOLETE_TLS_UOO197443-20.PDF
Apply Now
Choose one of three ways to apply:
Download script
Download and run the script directly- No app needed
- Offline usage
- Easy-to-apply
- Free
- Open-source
Help
How to apply or restore "Disable insecure "RC4" ciphers" using script
- ≈ 2 min to complete
- Tools: Web Browser
- Difficulty: Simple
- ≈ 5 instructions
- 1
Download
Download the script file by clicking on the button above.
Use button above to restore changes. - 2
Keep the file
If warned by your browser, keep the file. - 3
Open
Open the downloaded file. - 4
Exit
Once it's done, press any key to exit the window. - 5
Restart
Restart your computer for all changes to take effect.
Apply with privacy.sexy
Guided, automated application with safety checks- Recommended for most users
- Includes safety checks
- Free
- Open-source
- Popular
- Offline/Online usage
Open privacy.sexy
Help
How to apply or restore "Disable insecure "RC4" ciphers" using privacy.sexy
- ≈ 3 min to complete
- Tools: privacy.sexy
- Difficulty: Simple
- ≈ 4 instructions
- 2
Choose script
- Search for the script name: Disable insecure "RC4" ciphers
- Check the script by clicking on the checkbox.
- 3
Run
Click on ▶️ Run button at the bottom of the page.This button only appears on desktop version (recommended). On browser, use 💾 Save button.
- Apply
- Revert
Apply changes
:: Disable the use of "RC4 128/128" cipher algorithm for TLS/SSL connections
:: Set the registry value: "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 128/128!Enabled"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 128/128'; $data = '0'; reg add 'HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 128/128' /v 'Enabled' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Disable the use of "RC4 64/128" cipher algorithm for TLS/SSL connections
:: Set the registry value: "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 64/128!Enabled"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 64/128'; $data = '0'; reg add 'HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 64/128' /v 'Enabled' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Disable the use of "RC4 56/128" cipher algorithm for TLS/SSL connections
:: Set the registry value: "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 56/128!Enabled"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 56/128'; $data = '0'; reg add 'HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 56/128' /v 'Enabled' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Disable the use of "RC4 40/128" cipher algorithm for TLS/SSL connections
:: Set the registry value: "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 40/128!Enabled"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 40/128'; $data = '0'; reg add 'HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 40/128' /v 'Enabled' /t 'REG_DWORD' /d "^""$data"^"" /f"
Restore changes
Ijo6IFJlc3RvcmUgdGhlIHVzZSBvZiBcIlJDNCAxMjgvMTI4XCIgY2lwaGVyIGFsZ29yaXRobSBmb3IgVExTL1NTTCBjb25uZWN0aW9uc1xuOjogRGVsZXRlIHRoZSByZWdpc3RyeSB2YWx1ZSBcIkhLTE1cXFNZU1RFTVxcQ3VycmVudENvbnRyb2xTZXRcXENvbnRyb2xcXFNlY3VyaXR5UHJvdmlkZXJzXFxTQ0hBTk5FTFxcQ2lwaGVyc1xcUkM0IDEyOC8xMjghRW5hYmxlZFwiXG5Qb3dlclNoZWxsIC1FeGVjdXRpb25Qb2xpY3kgVW5yZXN0cmljdGVkIC1Db21tYW5kIFwicmVnIGRlbGV0ZSAnSEtMTVxcU1lTVEVNXFxDdXJyZW50Q29udHJvbFNldFxcQ29udHJvbFxcU2VjdXJpdHlQcm92aWRlcnNcXFNDSEFOTkVMXFxDaXBoZXJzXFxSQzQgMTI4LzEyOCcgL3YgJ0VuYWJsZWQnIC9mIDI+JG51bGxcIlxuOjogUmVzdG9yZSB0aGUgdXNlIG9mIFwiUkM0IDY0LzEyOFwiIGNpcGhlciBhbGdvcml0aG0gZm9yIFRMUy9TU0wgY29ubmVjdGlvbnNcbjo6IERlbGV0ZSB0aGUgcmVnaXN0cnkgdmFsdWUgXCJIS0xNXFxTWVNURU1cXEN1cnJlbnRDb250cm9sU2V0XFxDb250cm9sXFxTZWN1cml0eVByb3ZpZGVyc1xcU0NIQU5ORUxcXENpcGhlcnNcXFJDNCA2NC8xMjghRW5hYmxlZFwiXG5Qb3dlclNoZWxsIC1FeGVjdXRpb25Qb2xpY3kgVW5yZXN0cmljdGVkIC1Db21tYW5kIFwicmVnIGRlbGV0ZSAnSEtMTVxcU1lTVEVNXFxDdXJyZW50Q29udHJvbFNldFxcQ29udHJvbFxcU2VjdXJpdHlQcm92aWRlcnNcXFNDSEFOTkVMXFxDaXBoZXJzXFxSQzQgNjQvMTI4JyAvdiAnRW5hYmxlZCcgL2YgMj4kbnVsbFwiXG46OiBSZXN0b3JlIHRoZSB1c2Ugb2YgXCJSQzQgNTYvMTI4XCIgY2lwaGVyIGFsZ29yaXRobSBmb3IgVExTL1NTTCBjb25uZWN0aW9uc1xuOjogRGVsZXRlIHRoZSByZWdpc3RyeSB2YWx1ZSBcIkhLTE1cXFNZU1RFTVxcQ3VycmVudENvbnRyb2xTZXRcXENvbnRyb2xcXFNlY3VyaXR5UHJvdmlkZXJzXFxTQ0hBTk5FTFxcQ2lwaGVyc1xcUkM0IDU2LzEyOCFFbmFibGVkXCJcblBvd2VyU2hlbGwgLUV4ZWN1dGlvblBvbGljeSBVbnJlc3RyaWN0ZWQgLUNvbW1hbmQgXCJyZWcgZGVsZXRlICdIS0xNXFxTWVNURU1cXEN1cnJlbnRDb250cm9sU2V0XFxDb250cm9sXFxTZWN1cml0eVByb3ZpZGVyc1xcU0NIQU5ORUxcXENpcGhlcnNcXFJDNCA1Ni8xMjgnIC92ICdFbmFibGVkJyAvZiAyPiRudWxsXCJcbjo6IFJlc3RvcmUgdGhlIHVzZSBvZiBcIlJDNCA0MC8xMjhcIiBjaXBoZXIgYWxnb3JpdGhtIGZvciBUTFMvU1NMIGNvbm5lY3Rpb25zXG46OiBEZWxldGUgdGhlIHJlZ2lzdHJ5IHZhbHVlIFwiSEtMTVxcU1lTVEVNXFxDdXJyZW50Q29udHJvbFNldFxcQ29udHJvbFxcU2VjdXJpdHlQcm92aWRlcnNcXFNDSEFOTkVMXFxDaXBoZXJzXFxSQzQgNDAvMTI4IUVuYWJsZWRcIlxuUG93ZXJTaGVsbCAtRXhlY3V0aW9uUG9saWN5IFVucmVzdHJpY3RlZCAtQ29tbWFuZCBcInJlZyBkZWxldGUgJ0hLTE1cXFNZU1RFTVxcQ3VycmVudENvbnRyb2xTZXRcXENvbnRyb2xcXFNlY3VyaXR5UHJvdmlkZXJzXFxTQ0hBTk5FTFxcQ2lwaGVyc1xcUkM0IDQwLzEyOCcgL3YgJ0VuYWJsZWQnIC9mIDI+JG51bGxcIiI=
Help
How to apply or restore "Disable insecure "RC4" ciphers" using commands
- ≈ 2 min to complete
- Tools: Command Prompt
- Difficulty: Medium
- ≈ 3 instructions
- 1
Open Command Prompt
Open Command Prompt as Administrator. - 2
Copy code
Copy the code: - 3
Paste & run
Paste the commands into Command Prompt and press Enter to run.Some changes require a system restart to take effect
Similar Guides
Wider Goal
Guides below includes this guide to achieve a wider goal.See other more general settings that includes this one as one of its actions.
These plans combine multiple privacy settings, including this one, for stronger protection.
- Disable insecure ciphers
- Disable insecure connections
- Improve network security
- Security improvements
This category improves network security by disabling outdated and less secure cipher suites. Cipher suites are sets of cryptographic algorithms used to secure netw...
This category includes scripts designed to enhance users' security and privacy by disabling outdated or vulnerable connections across the system. It safeguards dat...
This category is dedicated to improving network security. It aims to minimize vulnerabilities by offering various settings that improve the integrity and confident...
This category encompasses a range of scripts designed to improve the security of your system by enforcing security best practices. These scripts help protect your ...
Same Goal
Other guides in Disable insecure ciphersSee settings that are in the same category as this guide.
Using other actions in the same category may help you achieve your goal better.
About the Creators
These people have authored this documentation and written its scripts:
undergroundwires- Certified security professional
- 7+ years experience securing banks
- Open-source developer since 2005
- EU advisor, Public Speaker, Moderator
- Open-Source Contributors
- Hundreds across the globe
- Testers, reviewers, developers
- Companies, military agencies
- Community since 2017
Reviewed By
This guide has undergone comprehensive auditing and peer review:Expert review by undergroundwires
- Verified technical accuracy and editorial standards
- Assessed system impact and user privacy risks
Public review by large community
- Privacy enthusiasts and professionals peer-reviewed
- Millions of end-users tested across different environments
History
We continually monitor our guides, their impact and all other privacy options. We update our guides when new information becomes available. On every update, we publicly store who made the change, what has been changed, why the change was made and when the change was made.