
IIS 6 128-bit encryption

danfiggolf asked
Is it true that the encryption level is tied to the certification:
About the Require secure channel (SSL) button. I think we keep that unchecked even for 7.01. The big difference with 7.01 is that all the pages handle more data, so to keep PCI compliant we have all the pages use an SSL connection. I think that the encryption data is tied in to the certificate itself; the setting in IIS does not need to be checked because Class will obey whatever the certificate asks for. Class does not add more encryption layers than the certificate itself.

If the certificate uses 128-bit encryption then Class will obey it, and use it. Forcing IIS to use 128-bit encryption through that option in IIS will break Class and is not required to enable.

So I guess what I am saying is that the certificate is key here. Class will obey whatever requirements that the certificate will lay out and use whatever encryption it entails.

Hope that helps.

Commented:
There are a few things that are used when transmitting in HTTPS.

The certificate will have an encryption bitness, but there are also the ciphers on the server used to serve it.

Require 128 bit will make sure the 128-bit communication is enabled. But you could leverage the certificate if you don't remove the ciphers.

You need to edit the registry to remove the weak ciphers.

Don't worry about all that, though; use this tool

https://www.nartac.com/Products/IISCrypto/Default.aspx

and click "PCI" and it will secure your server to that correct level so you pass your compliance tests.

Use this site

https://www.ssllabs.com/ssldb/index.html

to see if your SSL site is secure.
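
The answer above points at the registry as the place where weak ciphers are switched off, separately from the certificate. As an added example (not part of the original thread), this Python script audits an exported copy of the SCHANNEL `Ciphers` key and lists ciphers below 128 bits that are not explicitly disabled. The sample export is constructed, and the 128-bit floor and the treatment of a missing `Enabled` value as "OS default applies" are assumptions of this example.

```python
import re

# Constructed sample: excerpt of a registry export of the SCHANNEL Ciphers key.
# (Real exports are UTF-16; decode the file before passing its text in.)
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\NULL]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\DES 56/56]
"Enabled"=dword:ffffffff

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 40/128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 128/128]
"Enabled"=dword:ffffffff
"""

CIPHERS = r"\SecurityProviders\SCHANNEL\Ciphers" + "\\"
MIN_BITS = 128  # assumption: the 128-bit floor discussed in this thread


def effective_bits(name):
    """'RC4 40/128' -> 40, 'Triple DES 168/168' -> 168, 'NULL' -> 0."""
    m = re.search(r"(\d+)(?:/\d+)?$", name)
    return int(m.group(1)) if m else 0


def audit(reg_text, min_bits=MIN_BITS):
    """Return {cipher: state} for ciphers below min_bits not explicitly disabled."""
    state, current = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            path = line[1:-1]
            current = path.split(CIPHERS, 1)[1] if CIPHERS in path else None
            if current:
                state[current] = "default"  # no Enabled value: OS default applies
        elif current and line.lower().startswith('"enabled"=dword:'):
            value = int(line.split(":", 1)[1], 16)
            state[current] = "disabled" if value == 0 else "enabled"
    return {c: s for c, s in state.items()
            if effective_bits(c) < min_bits and s != "disabled"}


if __name__ == "__main__":
    for cipher, status in sorted(audit(SAMPLE_REG).items()):
        print(f"{cipher}: {status}")
```

A cipher reported as `default` has a subkey but no `Enabled` value, so whether it is offered depends on the Windows version's built-in defaults.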