zito2000
asked on
How do I find out which security protocols are being used on a windows 2008 R2 IIS server?
I would like to find a way to see which security protocols/ciphers are being used with IIS 6 on our windows 2008r2 server.
Where is the right place in the registry, or IIS to look for these settings?
Thanks,
Where is the right place in the registry, or IIS to look for these settings?
Thanks,
Here is an article that discusses enabling TLS 1 1 and 1.2: https://community.ipswitch .com/s/art icle/How-t o-Enable-T LS-1-1-TLS -1-2-on-Wi ndows-Serv er-2008-R2
Ideally, you only have TLS 1.2 enabled, but you may need 1.1 also. TLS 1.0 and all versions of SSL should be disabled, as they are all insecure.
Herr is an article on ciphers: https://support.hostway.co m/hc/en-us /articles/ 3600000246 30-Managin g-Windows- Server-Cip her-Suites -?mobile_s ite=true
Insecure ciphers should all be disabled.
Now you see why I had recommended IISCrypto on your last question. While you can use the registry, you are making things unnecessarily hard in doing so.
Ideally, you only have TLS 1.2 enabled, but you may need 1.1 also. TLS 1.0 and all versions of SSL should be disabled, as they are all insecure.
Herr is an article on ciphers: https://support.hostway.co
Insecure ciphers should all be disabled.
Now you see why I had recommended IISCrypto on your last question. While you can use the registry, you are making things unnecessarily hard in doing so.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
https://www.nartac.com/Products/IISCrypto/
its farly easy to do via regedit but this tool does the work for you!