Hardening IIS and scanning for SSL-related vulnerabilities – IISCrypto

I stumbled upon this great tool to set all the relevant registry entries (WTF?) to allow only the cryptographic algorithms that are considered secure to be negotiated with the server.

I archived it here (CLI version), for my personal reference, but if you prefer (and you should, frankly) you can get it from the author’s site.

Also, make sure to scan your page using, for example, this tool when you’re done.

Leave a Reply

Your email address will not be published. Required fields are marked *