Secure IIS Web Server & disable weak ciphers

Even if your website is running under HTTPS, you have to also secure SSL/TLS configuration and monitor news about new vulnerabilities and attacks, regarding SSL/TLS ,like:

In order to disable weak ciphers in Windows and secure iis web server, you have to do it through Group Policy Object Editor:
1. run gpedit.msc
2. expand Computer Configuration, Administrative Templates, Network, and then click on SSL Configuration Settings.


3. open the SSL Cipher Suite Order setting and set up a strong cipher suite order.

Or you can do it through the registry, following this article from Microsoft.

If you find it too hard to set a strong cipher suite order and disable vulnerable ciphers, you can use IIS Crypto from NARTAC SOFTWARE.
IIS Crypto is a free tool that gives you the ability to enable or disable protocols, ciphers, hashes and key exchange algorithms on Windows Server 2003, 2008 and 2012 very easy.


After you finish, test your web server with Qualys SSL Labs Server Test. This is a free online service, which performs a deep analysis of the configuration of any SSL web server on the public Internet.

    Also check your web server compatibility with various browsers, just to be sure that you support all the browsers:

  • BrowserStack
  • modern.IE

Related Links:
Guide to Deploying Diffie-Hellman for TLS
SSL Labs SSL/TLS Best Practises
Hardening Windows Server 2008/2012 and Azure SSL/TLS configuration