Here are the most common questions asked about IIS Crypto. If you have any other questions, feel free to contact us.
Every version of Windows has a different cipher suite order. Depending on what Windows Updates the server has applied, the order can be different even with the same version of Windows. These were gath...
To enable/disable protocols, ciphers and hashes, IIS Crypto modifies the registry key and child nodes here: HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\Multi-Protocol Un...
Yes. The default security layer in RDP is set to Negotiate which supports both SSL (TLS 1.0) and the RDP Security Layer. However, if you set the security layer to SSL (TLS 1.0) and disable TLS 1.0 in ...
If you are running Windows Server 2019, open the Internet Information Services (IIS) Manager and click on the website. Click on HSTS. Check Enable and set the Max-Age to 31536000 (1 year). Check Inclu...
Microsoft has renamed most of cipher suites for Windows Server 2016. We list both sets below. Windows Server 2016 and higher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA25...
Unfortunately if you disable TLS 1.0 you will break some user's connections. All versions of Internet Explorer on Windows Vista and older as well as Android versions 4.3 and lower will not be able to ...
While TLS_RSA_WITH_AES_256_GCM_SHA384 and TLS_RSA_WITH_AES_128_GCM_SHA256 were included, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 and TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 were not. The latter were not inclu...
The Site Scanner requires the following combination of settings in order to get an A+: Only TLS 1.2 can be used At least one cipher suite must support Authenticated Encryption (AEAD) HTTP Strict Trans...
When IIS Crypto is first run on a server that has not be setup, the check boxes will be grey. This means that no settings has been specified and the defaults for the operating system will be used. Whe...
Microsoft has not added TLS 1.3 to Windows yet. When they do, we will release an updated version of IIS Crypto with TLS 1.3 support....