We help IT Professionals succeed at work.

IIS 6 128-bit encyrption

danfiggolf asked
Is it true that the encryption level is tied to the certification:
About the Require secure channel (SSL) button.  I think we keep that unchecked even for 7.01.  The big difference with 7.01 is that all the pages handle more data so to keep PCI compliant we have all the pages have a SSL connection.  I think that the encryption data is tied in to the certificate itself, the setting in ISS does not need to be checked because Class will obey whatever the certificate asks for.  Class does not add more encryption layers then the certificate itself.

If the certificate uses 128bit encryption then Class will obey it, and use it.   Forcing ISS to use 128bit encryption through that option in ISS will break Class and is not required to enable.  

So I guess what I am saying is that the certificate is key here.  Class will obey whatever requirements that the certificate will lay out and use whatever encryption it entails.  

Hope that helps.
Watch Question

There are few things that is used went transmitting in https.

The certificate will have a encryption bitness but also there is the ciphers on the server used to serve it.

Require 128 bit will make sure the 128 bit communication is enabled. But you could leverage the certificate if you don't remove the ciphers.

You need to edit the registry to remove the weak ciphers.

Don't worry about all that though use this tool


and click "PCI" and it will secure your server to that correct level so you pass your compliance tests.

Use this site


to see if your SSL site is secure.