Here are the most common questions asked about IIS Crypto. If you have any other questions, feel free to contact us.
We follow SSL/TLS best practices and prefer ECHDE for the key exchange to enable forward secrecy. We then chose the highest key length followed by the highest hash length....
Microsoft has not added TLS 1.3 to Windows yet. When they do, we will release an updated version of IIS Crypto with TLS 1.3 support....
Yes IIS Crypto is freeware and can be used in any environment including personal, commercial, etc. The full license agreement is below: IIS Crypto Copyright (c) 2011-2019 Nartac Software Inc. www.nart...
The FREAK attack is a vulnerability that allows HTTPS traffic to be intercepted. It does this but trying to force the server to use old cipher suites that have long been insecure. If you are running W...
Click the Templates button and select the Server Defaults template from the drop down box. Click the Apply button and reboot your server....
Yes. Most of the settings that IIS Crypto updates are system wide and unfortunately that requires a reboot....
There are a few reasons. First, make sure that you have clicked the Apply button and rebooted your server. Second, as of February 2020, the site scanner now caps scores with a B rating if TLS 1.0 or 1...
Yes. IIS Crypto has a separate checklist box for the client registry keys....
The logjam exploit is a man-in-the-middle attack that tries to downgrade TLS connections using the Diffie-Hellman key exchange to 512 bits. Using the Best Practices template in IIS Crypto disables all...
Originally IIS Crypto set the Protocols Enabled values to 0 or 1. However, we got a lot feedback that it broke some older software. Microsoft's own documentation states using 0xffffffff is the correct...