Taxonomy: iis

Disable Diffie-Hellman Ciphers on IIS

To disable Diffie-Hellman ciphers on IIS you need to modify this registry key.

HKLM\SYSTEM\CurrentControlSet\Control\Cryptography\Configuration\Local\SSL\00010002

From “Functions” you will need to remove all ciphers that contain “DH”. Once that is complete you can restart the server and verify (sslscan) that they are no longer being used.

Another approach would be to use IIS Crypto. It is a gui/cli freeware program that will modifiy the registry keys for you.

Read More

© 2017 Joshua Glemza