
SSL Cipher suites and protocols in IIS

Let’s say your website gets a security review, and let’s also say that this review was not particularly positive about your IIS still accepting SSL 3.0 or other deprecated protocols.

While Microsoft recommends changing or adding various registry settings, you soon realise that this review wasn’t a smooth start to the day.


But wait, there is an app for that

Close regedit and download IIS Crypto from Nartac instead. With IIS Crypto you can easily disable protocols and cipher suites, as well as change the priority order of the cipher suites.

The application does not need any installation, so just right-click IISCrypto.exe and choose “Run as administrator”.


Click the “Best Practice” button, then “Apply”, and close IIS Crypto. You will now have to restart the server for the changes to take effect.

But wait, how do I know I fixed it?

Open your favourite web browser and go to https://www.ssllabs.com/ssltest/index.html.

Add your domain name and click “Submit” to let them do the magic.

If you are lucky you get an A and a result similar to this:

[Screenshot: SSL Labs test result]
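For a server that SSL Labs cannot reach (an intranet site, for example), the same question can be asked locally. The following is an added example, not part of the original post and not code from Nartac or SSL Labs: it sends a hand-built ClientHello for SSL 3.0, TLS 1.0 and TLS 1.1 and reports whether the server still completes the hello. The function names and suite list are my own choices, and it assumes the host is given as a DNS name; SSL 2.0 uses a different hello format and is not covered.

```python
import os
import socket
import struct

# Wire encoding (major, minor) of the legacy versions this probe offers.
LEGACY = {"SSL 3.0": (3, 0), "TLS 1.0": (3, 1), "TLS 1.1": (3, 2)}
# Common RSA, ECDHE-RSA and ECDHE-ECDSA suites (RC4, 3DES, AES-CBC) to offer.
SUITES = (0x0005, 0x000A, 0x002F, 0x0035, 0xC009, 0xC00A, 0xC013, 0xC014)


def client_hello(version, host):
    """Build one ClientHello record that offers exactly `version`."""
    name = host.encode("ascii")
    sni = struct.pack("!HBH", len(name) + 3, 0, len(name)) + name
    exts = struct.pack("!HH", 0, len(sni)) + sni        # extension 0 = server_name
    body = bytes(version) + os.urandom(32) + b"\x00"    # version, random, empty session id
    body += struct.pack("!H", 2 * len(SUITES)) + struct.pack("!%dH" % len(SUITES), *SUITES)
    body += b"\x01\x00" + struct.pack("!H", len(exts)) + exts  # null compression, extensions
    hs = b"\x01" + len(body).to_bytes(3, "big") + body  # handshake type 1 = ClientHello
    return b"\x16" + bytes(version) + struct.pack("!H", len(hs)) + hs


def classify(reply, version):
    """Interpret the first bytes of the server's answer to that hello."""
    if len(reply) >= 11 and reply[0] == 0x16 and reply[5] == 0x02:
        chosen = tuple(reply[9:11])                     # ServerHello.server_version
        return "ACCEPTED" if chosen == tuple(version) else "server chose %d.%d" % chosen
    if len(reply) >= 7 and reply[0] == 0x15:
        return "rejected (alert %d)" % reply[6]
    return "rejected (no handshake reply)"


def probe(host, port=443, timeout=5.0):
    """Return {protocol: verdict}; connection errors propagate to the caller."""
    results = {}
    for label, version in LEGACY.items():
        reply = b""
        with socket.create_connection((host, port), timeout=timeout) as sock:
            try:
                sock.sendall(client_hello(version, host))
                while len(reply) < 11:
                    chunk = sock.recv(11 - len(reply))
                    if not chunk:
                        break
                    reply += chunk
            except OSError:                             # reset or timeout: no reply
                pass
        results[label] = classify(reply, version)
    return results
```

Call `probe("www.example.com")` (placeholder hostname) after the restart; any `ACCEPTED` entry means that protocol is still enabled on the server.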

Now just wait for the pat on the back!
