5Answers
  • 5
name

A PHP Error was encountered

Severity: Notice

Message: Undefined index: userid

Filename: views/question.php

Line Number: 191

Backtrace:

File: /home/prodcxja/public_html/questions/application/views/question.php
Line: 191
Function: _error_handler

File: /home/prodcxja/public_html/questions/application/controllers/Questions.php
Line: 433
Function: view

File: /home/prodcxja/public_html/questions/index.php
Line: 315
Function: require_once

name Punditsdkoslkdosdkoskdo

Configuring IIS7 for TLS 1.0 only

I have been tasked with configuring an IIS7 server to accept TLS 1.0 HTTPS connections only.

I have come up with the following list of cipher suites which I have deduced are TLS 1.0.

TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
TLS_DHE_DSS_WITH_AES_128_CBC_SHA
TLS_DHE_DSS_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA

I have put that list in the box in the following policy: Computer Configuration | Administrative Templates | Network | SSL Configuration Settings | SSL Cipher Suite Order

Is that sufficient? Are any of the suites in my list not TLS 1.0? Are there any other TLS 1.0 suites supported by IIS7 that aren't in the list?

The server, by the way, is Windows Server 2008 R2.

Thanks

A company called Nartac software makes a free IIS Crypto configuration tool that can be used to enable/disable protocols and cipher suites in IIS on Windows 2003, 2008 and 2012. It also comes with templates for configuring IIS to be FIPS 140.2 compliant, integrates with the Qualys SSL site analyzer for testing public urls, and has a list of other validation tools that can be used to validate internal sites.

  • 3
Reply Report

Trending Tags