Here are the most common questions asked about IIS Crypto. If you have any other questions, feel free to contact us.
Yes IIS Crypto is freeware and can be used in any environment including personal, commercial, etc. The full license agreement is below: IIS Crypto Copyright (c) 2011-2019 Nartac Software Inc. www.nart...
We follow SSL/TLS best practices and prefer ECHDE for the key exchange to enable forward secrecy. We then chose the highest key length followed by the highest hash length....
The FREAK attack is a vulnerability that allows HTTPS traffic to be intercepted. It does this but trying to force the server to use old cipher suites that have long been insecure. If you are running W...
Click the Templates button and select the Server Defaults template from the drop down box. Click the Apply button and reboot your server....
Yes. IIS Crypto has a separate checklist box for the client registry keys....
There are a couple reasons. First, make sure that you have clicked the Apply button and rebooted your server. The other common reason we have seen is that there is a proxy or load balancer in front of...
Yes. Most of the settings that IIS Crypto updates are system wide and unfortunately that requires a reboot....
Microsoft has not added TLS 1.3 to Windows yet. When they do, we will release an updated version of IIS Crypto with TLS 1.3 support....
The logjam exploit is a man-in-the-middle attack that tries to downgrade TLS connections using the Diffie-Hellman key exchange to 512 bits. Using the Best Practices template in IIS Crypto disables all...
The Site Scanner tries to load all of the host names that have been configured in IIS. The site must be running, have a host name and HTTPS specified in the bindings. If the binding only has an IP add...