Identify and disable weak cipher suites

Figuring out which cipher suites to remove can be very difficult. For Windows, I've used the free IIS Crypto tool in the past:

IIS Crypto is a free tool that gives administrators the ability to enable or disable
protocols, ciphers, hashes and key exchange algorithms on Windows Server 2003, 2008
and 2012. It also lets you reorder SSL/TLS cipher suites offered by IIS, implement
best practices with a single click and test your website.

This not only leverages someone's expert knowledge as far as which algorithms are more or less secure, but also takes the pain of figuring out how to actually implement the change in Windows away (hint: it's a bunch of registry entries).

Tags:

Webserver

Tls

Cipher Selection

Related

If I use a good Master Password in Firefox, is security improved when I Remember Passwords instead of re-type? What are good resources to do hands-on practice on network penetration testing? What kinds of encryption are _not_ breakable via Quantum Computers? How does Authy's 2FA work, if it doesn't connect to the server? How can I store a password history to prevent reuse? Password security Which signing key should I use for certifying other peoples public keys: master or subkey? How secure is "Secure Keyboard Entry" in Mac OS X's Terminal? Do simple Linux servers really need a non-root user for security reasons? How dangerous is it to allow arbitrary webhook urls to post to? UTF-7 XSS attacks in modern browsers Consider a "zero-knowledge" file host such as mega.co.nz. How can one prevent users to upload unencrypted content?

Recent Posts