asked on
SSL Server test
HI All,
I am using Windows server 2012 R2 standard and hosted for the Gateway server. I ran IIS crypto as well , but still overall rating as " B " only.
This server supports weak Diffie-Hellman (DH) key exchange parameters. Grade capped to B
TLS_DHE_RSA_WITH_AES_256_G
256
TLS_DHE_RSA_WITH_AES_128_G
128
Can any one help on this.
I am using Windows server 2012 R2 standard and hosted for the Gateway server. I ran IIS crypto as well , but still overall rating as " B " only.
This server supports weak Diffie-Hellman (DH) key exchange parameters. Grade capped to B
TLS_DHE_RSA_WITH_AES_256_G
256
TLS_DHE_RSA_WITH_AES_128_G
128
Can any one help on this.
ExchangeWindows OSWindows Server 2012SSL / HTTPS
Last Comment
btan
SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
Hi , I have tried the same steps unselect all tls-dhe ciphers in Cipher suites and in schannel unselect tls1 and 1.1, sha and diffie helman.
Still no luck , I am getting B grade only.
I am using Windows 2012 R2 standard Operating system.
Signature algorithm is SHA256withRSA
TLS_DHE_RSA_WITH_AES_256_G
256
TLS_DHE_RSA_WITH_AES_128_G
128
Still no luck , I am getting B grade only.
I am using Windows 2012 R2 standard Operating system.
Signature algorithm is SHA256withRSA
TLS_DHE_RSA_WITH_AES_256_G
256
TLS_DHE_RSA_WITH_AES_128_G
128
After the changes, did you reboot the server?
ASKER
Rebooted the server as well..
SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
Hi, you have given a best solution , but not sure IIS Crypto settings are not making any changes.so still getting B grade only.
It may be some apps but if after rebooting the machine and the DH 1024 or TLS 1.0/1 still exist from reading from iiscrypto then A may not be achievable. Maybe useful if you can share the finding so that we understand the B is due to what reason based on the online findings it stated
Pls kind advice any further queries. thanks
ASKER
TLS_DHE_RSA_WITH_AES_256_G
TLS_DHE_RSA_WITH_AES_128_G
Facing issue with these two above keys.. Can you please help me out.
TLS_DHE_RSA_WITH_AES_128_G
Facing issue with these two above keys.. Can you please help me out.
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
Hi All,
Thanks for the support, below suggestion is helped to resolve the issue.
Disconnect nic cable, reboot, login as local administrator CHECK RSOP and run iiscrypto.
Thanks for the support, below suggestion is helped to resolve the issue.
Disconnect nic cable, reboot, login as local administrator CHECK RSOP and run iiscrypto.
Thanks for sharing and you may proceed to close the question if there are no further queries
As per advice given
can you printscreen the iiscrypto settings?
Cheers