Obsolete Secure Communications Protocol Supported – InfoSec – Fix
December 9, 2019
Last week our web application (the ADX portal website) underwent penetration testing (also called "ethical hacking"), and we got the following recommendation:
Disable all affected protocols identified above. If possible, implement TLSv1.3, or TLSv1.2 otherwise.
Reason:
- On our application's web server (IIS), the TLSv1.0 and TLSv1.1 communication protocols were enabled.
- TLSv1.0 and TLSv1.1 were deprecated in major browsers as of Q1 2019 and will be disabled completely in early 2020.
Fix:
- We used the IIS Crypto tool to disable the TLSv1.0 and TLSv1.1 protocols.
- IIS Crypto is a free tool that gives administrators the ability to enable or disable protocols, ciphers, hashes and key exchange algorithms on Windows Server.
- Download the IIS Crypto GUI tool onto the Windows server where your application is hosted.
- Open the tool and uncheck the TLSv1.0 and TLSv1.1 options.
- You must restart the server for changes to take effect.
🙂
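To confirm the result without the GUI, or to apply the same change from a script, the sketch below reads and sets the documented Schannel registry values for the server role. It is an added example, not part of the original post or of IIS Crypto; the `-Apply` switch and the `Get-ProtocolState` helper are names chosen here, and it assumes an elevated PowerShell session on the Windows server.

```powershell
# Added example: audit (default) or disable (-Apply) TLS 1.0 / TLS 1.1 for the
# server role using the Schannel "Enabled" and "DisabledByDefault" values.
# A restart is still required before Schannel picks up the change.
param([switch]$Apply)

$base     = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
$obsolete = 'TLS 1.0', 'TLS 1.1'

# Hypothetical helper: report what the registry currently says for one protocol.
function Get-ProtocolState([string]$Protocol) {
    $key = Join-Path $base "$Protocol\Server"
    $p   = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Protocol          = $Protocol
        KeyExists         = [bool]$p
        Enabled           = $p.Enabled            # empty = OS default applies
        DisabledByDefault = $p.DisabledByDefault
    }
}

if ($Apply) {
    foreach ($proto in $obsolete) {
        $key = Join-Path $base "$proto\Server"
        # Create the key only if missing so existing values are not wiped.
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        New-ItemProperty -Path $key -Name 'Enabled' -Value 0 `
            -PropertyType DWord -Force | Out-Null
        New-ItemProperty -Path $key -Name 'DisabledByDefault' -Value 1 `
            -PropertyType DWord -Force | Out-Null
    }
    Write-Host 'TLS 1.0 and TLS 1.1 disabled for the server role. Restart the server.'
}

# Show the obsolete protocols next to TLS 1.2 so the remaining protocol is visible.
($obsolete + 'TLS 1.2') | ForEach-Object { Get-ProtocolState $_ } | Format-Table -AutoSize
```

An empty `Enabled` column means no explicit setting exists and the operating system default is in effect, so on older Windows Server versions an empty value for TLS 1.0 or TLS 1.1 should be treated as still enabled.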