ssl

As many have heard over the past year older versions of SSL have been compromised and should no longer be used by servers to negotiate communications. however disabling these deprecated SSL versions can be a bit of a headache.

I would strongly suggest anyone with public facing servers test them to be safe. I personally use this site to test my web servers as it is the most comprehensive security test I have found.

https://www.ssllabs.com/ssltest/analyze.html

I have used reg scripts and such to do it but they sometimes did not work out perfectly luckily I came across a freely available utility that allows you to enable and disable these features as needed.

https://www.nartac.com/Products/IISCrypto/

I would suggest Clicking the best practices button as that will select all of the appropriateSSL methods for you.

nartac1Apply the changes and a reboot the machine. I personally rerun the test posted earlier against the server to be sure. If you have made the needed changes you should have an A for your grade.

 

 

By admin