I ran the script against my Windows 7/Server 2008R2 VMs and found that they were offering up RC4 and MD5 for RDP!
Example with defaults
nmap --script ssl-cert,ssl-enum-ciphers -p 443,465,993,995,3389 192.168.10.135
mhubbard@1S1K-SYS76:~/Dropbox/Python/Scripts$ nmap --script ssl-cert,ssl-enum-ciphers -p 443,465,993,995,3389 192.168.10.135
Starting Nmap 7.50 ( https://nmap.org ) at 2017-07-08 10:28 PDT
Nmap scan report for 192.168.10.135
Host is up (0.0052s latency).
PORT STATE SERVICE
443/tcp closed https
465/tcp closed smtps
993/tcp closed imaps
995/tcp closed pop3s
3389/tcp open ms-wbt-server
| ssl-cert: Subject: commonName=WIN-L6HBT78G89G.pu.pri
| Issuer: commonName=WIN-L6HBT78G89G.pu.pri
| Public Key type: rsa
| Public Key bits: 2048
| Signature Algorithm: sha1WithRSAEncryption
| Not valid before: 2017-05-27T19:55:04
| Not valid after: 2017-11-26T19:55:04
| MD5: 6429 05ea b708 ffa1 fb56 cd62 8a7e 8acb
|_SHA-1: c160 c6b5 8d2c 0702 b86b fa8b c717 d25c 44a1 89df
| ssl-enum-ciphers:
| TLSv1.0:
| ciphers:
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A
| TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 1024) - A
| TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 1024) - A
| TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
| TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
| TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
| TLS_RSA_WITH_RC4_128_SHA (rsa 2048) - C
| TLS_RSA_WITH_RC4_128_MD5 (rsa 2048) - C
| compressors:
| NULL
| cipher preference: server
| warnings:
| 64-bit block cipher 3DES vulnerable to SWEET32 attack
| Broken cipher RC4 is deprecated by RFC 7465
| Ciphersuite uses MD5 for message integrity
| Key exchange (dh 1024) of lower strength than certificate key
| Weak certificate signature: SHA1
|_ least strength: C
Nmap done: 1 IP address (1 host up) scanned in 5.74 seconds
Enabling FIPS
Then I enabled FIPS level security per this MS document Tip: Secure RDS (Remote Desktop Services) Connections with SSL. This is worse, as you lose the ECDHE and AES suites and get 3DES and SHA1!
Example after enabling FIPS
mhubbard@1S1K-SYS76:~/Dropbox/Python/Scripts$ nmap --script ssl-cert,ssl-enum-ciphers -p 443,465,993,995,3389 192.168.97.135
Starting Nmap 7.50 ( https://nmap.org ) at 2017-07-08 13:50 PDT
Nmap scan report for 192.168.97.135
Host is up (0.00058s latency).
PORT STATE SERVICE
443/tcp closed https
465/tcp closed smtps
993/tcp closed imaps
995/tcp closed pop3s
3389/tcp open ms-wbt-server
| ssl-cert: Subject: commonName=FFKN25S
| Issuer: commonName=FFKN25S
| Public Key type: rsa
| Public Key bits: 2048
| Signature Algorithm: sha1WithRSAEncryption
| Not valid before: 2017-07-07T19:43:57
| Not valid after: 2018-01-06T19:43:57
| MD5: 835d ab76 7752 5d8a 4a3e d5d9 5fc3 4248
|_SHA-1: ac32 dc26 ae9d 2308 405e 595f 0e9f 4102 f661 8341
| ssl-enum-ciphers:
| TLSv1.0:
| ciphers:
| TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
| compressors:
| NULL
| cipher preference: indeterminate
| cipher preference error: Too few ciphers supported
| warnings:
| 64-bit block cipher 3DES vulnerable to SWEET32 attack
| Weak certificate signature: SHA1
|_ least strength: C
Nmap done: 1 IP address (1 host up) scanned in 6.97 seconds
Manually Disable RC4/3DES
Then I found this tool [IIS Crypto] and disabled RC4/Triple DES in the ciphers column. It's still using TLS1.0 but at least it's not offering up RC4/3DES.
Example After Running IIS Crypto
mhubbard@1S1K-SYS76:~/Dropbox/Python/Scripts$ nmap --script ssl-cert,ssl-enum-ciphers -p 443,465,993,995,3389 192.168.97.135
Starting Nmap 7.50 ( https://nmap.org ) at 2017-07-08 14:35 PDT
Nmap scan report for 192.168.97.135
Host is up (0.00031s latency).
PORT STATE SERVICE
443/tcp closed https
465/tcp closed smtps
993/tcp closed imaps
995/tcp closed pop3s
3389/tcp open ms-wbt-server
| ssl-cert: Subject: commonName=FFKN25S
| Issuer: commonName=FFKN25S
| Public Key type: rsa
| Public Key bits: 2048
| Signature Algorithm: sha1WithRSAEncryption
| Not valid before: 2017-07-07T19:43:57
| Not valid after: 2018-01-06T19:43:57
| MD5: 835d ab76 7752 5d8a 4a3e d5d9 5fc3 4248
|_SHA-1: ac32 dc26 ae9d 2308 405e 595f 0e9f 4102 f661 8341
| ssl-enum-ciphers:
| TLSv1.0:
| ciphers:
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp521r1) - A
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp521r1) - A
| TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
| TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
| compressors:
| NULL
| cipher preference: server
| warnings:
| Weak certificate signature: SHA1
|_ least strength: A
Nmap done: 1 IP address (1 host up) scanned in 7.39 seconds
Enabling TLS 1.1/1.2
Finally, I found this article How do I disable TLS 1.0 without breaking RDP? which pointed me to this MS KB - KB3080079. That update enabled TLS1.1/1.2. It's really hard to believe that MS thinks a patch to drop RC4 and 3DES is "optional".
mhubbard@1S1K-SYS76:~/Dropbox/Python/Scripts$ nmap --script ssl-cert,ssl-enum-ciphers -p 443,465,993,995,3389 192.168.97.135
Starting Nmap 7.50 ( https://nmap.org ) at 2017-07-08 15:00 PDT
Nmap scan report for 192.168.97.135
Host is up (0.0021s latency).
PORT STATE SERVICE
443/tcp closed https
465/tcp closed smtps
993/tcp closed imaps
995/tcp closed pop3s
3389/tcp open ms-wbt-server
| ssl-cert: Subject: commonName=FFKN25S
| Issuer: commonName=FFKN25S
| Public Key type: rsa
| Public Key bits: 2048
| Signature Algorithm: sha1WithRSAEncryption
| Not valid before: 2017-07-07T19:43:57
| Not valid after: 2018-01-06T19:43:57
| MD5: 835d ab76 7752 5d8a 4a3e d5d9 5fc3 4248
|_SHA-1: ac32 dc26 ae9d 2308 405e 595f 0e9f 4102 f661 8341
| ssl-enum-ciphers:
| TLSv1.0:
| ciphers:
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp521r1) - A
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp521r1) - A
| TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
| TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
| compressors:
| NULL
| cipher preference: server
| warnings:
| Weak certificate signature: SHA1
| TLSv1.1:
| ciphers:
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp521r1) - A
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp521r1) - A
| TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
| TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
| compressors:
| NULL
| cipher preference: server
| warnings:
| Weak certificate signature: SHA1
| TLSv1.2:
| ciphers:
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (secp521r1) - A
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (secp521r1) - A
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp521r1) - A
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp521r1) - A
| TLS_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A
| TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A
| TLS_RSA_WITH_AES_256_CBC_SHA256 (rsa 2048) - A
| TLS_RSA_WITH_AES_128_CBC_SHA256 (rsa 2048) - A
| TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
| TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
| compressors:
| NULL
| cipher preference: server
| warnings:
| Weak certificate signature: SHA1
|_ least strength: A
Nmap done: 1 IP address (1 host up) scanned in 7.34 seconds
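Re-running the scan after each change is easier to act on when the output is checked automatically. The Python script below is an added example, not part of the original post: it parses nmap's ssl-enum-ciphers text output and reports RC4, 3DES and MD5 suites, grades below A, small DH groups, and a missing TLSv1.2. The function name, the 2048-bit DH floor and the sample report are assumptions constructed for the example.

```python
import re

# Constructed sample report, shaped like nmap's ssl-enum-ciphers text output.
SAMPLE = """\
443/tcp  closed https
3389/tcp open   ms-wbt-server
| ssl-enum-ciphers:
|   TLSv1.0:
|     ciphers:
|       TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 1024) - A
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
|       TLS_RSA_WITH_RC4_128_MD5 (rsa 2048) - C
"""

PORT = re.compile(r"^(\d+)/tcp\s+(\S+)")
PROTO = re.compile(r"^\|[\s_]*((?:SSL|TLS)v[\d.]+):$")
SUITE = re.compile(r"^\|[\s_]*((?:TLS|SSL)_\w+) \(([^)]+)\) - ([A-F])$")
WEAK = {"RC4": "RC4", "3DES": "3DES (SWEET32)", "_MD5": "MD5 MAC"}

def audit(report, required="TLSv1.2", min_dh=2048):
    """Return sorted (port, protocol, subject, reason) findings for one report."""
    findings, offered, port, proto = set(), {}, None, None
    for line in map(str.rstrip, report.splitlines()):
        if m := PORT.match(line):
            # Only open ports carry script output; a new port resets the protocol.
            port = int(m.group(1)) if m.group(2) == "open" else None
            proto = None
        elif port and (m := PROTO.match(line)):
            proto = m.group(1)
            offered.setdefault(port, set()).add(proto)
        elif port and proto and (m := SUITE.match(line)):
            name, kex, grade = m.groups()
            for token, why in WEAK.items():
                if token in name:
                    findings.add((port, proto, name, why))
            if grade != "A":
                findings.add((port, proto, name, f"nmap grade {grade}"))
            # nmap can grade a suite A yet warn on a small DH group; 2048 is an assumed floor.
            dh = re.fullmatch(r"dh (\d+)", kex)
            if dh and int(dh.group(1)) < min_dh:
                findings.add((port, proto, name, f"{dh.group(1)}-bit DH group"))
    for p, protos in offered.items():
        if required not in protos:
            findings.add((p, "-", required, "not offered"))
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join("\t".join(map(str, f)) for f in audit(SAMPLE)))
```

To check a real host, pass the saved text of an `nmap --script ssl-enum-ciphers` run to `audit()`; an empty list means none of these conditions were found.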
Setting the RDP server to use TLS
Now that the RDP server is offering up TLS1.2 we need to make a couple of changes to the server so that the client will connect using TLS instead of the RDP protocol.
Open gpedit.msc and navigate to "Computer Configuration, Administrative Templates, Windows Components, Remote Desktop Services, Remote Desktop Session Host, Security"
Then double click on "Set Client Encryption level"
Require use of specific security layer for remote (RDP) Connections. Set it to Negotiate or SSL(TLS 1.0). This will negotiate the highest level that the client supports.
Connecting to the VM from a 2012 server I could see that TLS1.2 was used with either setting.
References
Cipher Suites in TLS/SSL (Schannel SSP)
Update adds new TLS cipher suites and changes cipher suite priorities in Windows 8.1 and Windows Server 2012 R2
Default cipher suites and their preferred order for every Windows Server version