Here are the most common questions asked about IIS Crypto. If you have any other questions, feel free to contact us.
We follow SSL/TLS best practices and prefer ECHDE for the key exchange to enable forward secrecy. We then chose the highest key length followed by the highest hash length....
Microsoft released a patch on November 11, 2014 to address a vulnerability in SChannel that could allow remote code execution. This patch included 4 new cipher suites for Windows Server versions 2008 ...
Originally IIS Crypto set the Protocols Enabled values to 0 or 1. However, we got a lot feedback that it broke some older software. Microsoft's own documentation states using 0xffffffff is the correct...
Yes IIS Crypto is freeware and can be used in any environment including personal, commercial, etc. The full license agreement is below: IIS Crypto Copyright (c) 2011-2019 Nartac Software Inc. www.nart...
Click the Templates button and select the Server Defaults template from the drop down box. Click the Apply button and reboot your server....
The FREAK attack is a vulnerability that allows HTTPS traffic to be intercepted. It does this but trying to force the server to use old cipher suites that have long been insecure. If you are running W...
There are a few reasons. First, make sure that you have clicked the Apply button and rebooted your server. Second, as of February 2020, the site scanner now caps scores with a B rating if TLS 1.0 or 1...
Yes. Most of the settings that IIS Crypto updates are system wide and unfortunately that requires a reboot....
The logjam exploit is a man-in-the-middle attack that tries to downgrade TLS connections using the Diffie-Hellman key exchange to 512 bits. Using the Best Practices template in IIS Crypto disables all...
Yes. IIS Crypto has a separate checklist box for the client registry keys....