- Remove SSLv3 support
- Remove RC4 cypher support
- enforce 2048-bit keys (Diffie-Hellman)
See the enclosed reg file.
Last active
December 6, 2017 10:25
-
-
Save paveljurca/148cc8b91fe0f741c22ea8846266b535 to your computer and use it in GitHub Desktop.
IIS SSL
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Windows Registry Editor Version 5.00 | |
| [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\KeyExchangeAlgorithms\Diffie-Hellman] | |
| "ServerMinKeyBitLength"=dword:00000800 | |
| ; Following taken from https://samrueby.com/2015/06/08/how-to-disable-sslv3-and-rc4-ciphers-in-iis/ | |
| [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0] | |
| [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Client] | |
| "DisabledByDefault"=dword:00000001 | |
| [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server] | |
| "Enabled"=dword:00000000 | |
| [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 128/128] | |
| "Enabled"=dword:00000000 | |
| [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 40/128] | |
| "Enabled"=dword:00000000 | |
| [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 56/128] | |
| "Enabled"=dword:00000000 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment