Configure SSL on Windows

Please, refer to SSL Configuration Testing to test the current level of SSL Configuration.

Windows Configuration

Windows Server 2016 and higher already has SSL configuration that satisfies current security regulations (for example, SSL v2 and SSL v3 are disabled).

In earlier versions of Windows Servers (2008, 2012) SSL v3 is still enabled, i.e. you manually need to disable legacy protocols. Please, see Microsoft recommendations: How to disable PCT 1.0, SSL 2.0, SSL 3.0, or TLS 1.0 in Internet Information Services

We are usually using the IIS Crypto tool that provides GUI to disable weak ciphers and legacy protocols. It allows us to avoid dangerous manual work with windows registry.

Using SSLLabs Test Tool tips and functionality of this tool allows quickly secure SSL/TLS in Windows.

Real example of Windows Server 2012 R2 SSL Configuration

See Also

Published on Apr 11, 2017