Optimizing the security settings in Microsoft® Internet Information Server (IIS)

Depending on the version of the underlying operating system, Microsoft® Internet Information Server (IIS) still uses, in its default settings, versions of the SSL protocol that have been deprecated by later versions and must be categorized as insecure.

To change these settings and enable TLS, the protocol currently considered secure, change the following registry values on the host system.


REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server]
"Enabled"=dword:00000001
"DisabledByDefault"=dword:00000000

The text blocks shown above can be saved and imported into the registry using RegEdit.
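An added example (not part of the original page and not estos or Microsoft code): a Python audit that parses the registry text above before it is imported and reports, per protocol and role, whether the file sets "Enabled". The function names and the "not set in file" label are assumptions of this example; for the page's file it shows that TLS 1.2\Server and the SSL 2.0/3.0 keys are not touched by the import.

```python
import re

PREFIX = "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\Protocols\\"

# Value-bearing keys of the .reg text shown on this page (empty parent keys omitted).
PAGE_REG = r"""REGEDIT4
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server]
"Enabled"=dword:00000001
"DisabledByDefault"=dword:00000000
"""

def parse_schannel(reg_text):
    """Return {(protocol, role): {value_name: int}} for SCHANNEL protocol keys."""
    settings, current = {}, None
    for line in map(str.strip, reg_text.splitlines()):
        key = re.fullmatch(r"\[(.+)\]", line)
        if key:
            current = None  # values only count under a Client/Server protocol key
            path = key.group(1)
            if path.upper().startswith(PREFIX.upper()):  # registry paths ignore case
                parts = path[len(PREFIX):].split("\\")
                if len(parts) == 2 and parts[1].lower() in ("client", "server"):
                    current = (parts[0], parts[1].capitalize())
                    settings.setdefault(current, {})
            continue
        val = re.fullmatch(r'"([^"]+)"=dword:([0-9a-fA-F]{8})', line)
        if val and current:
            settings[current][val.group(1)] = int(val.group(2), 16)
    return settings

def audit(reg_text, protocols=("SSL 2.0", "SSL 3.0", "TLS 1.1", "TLS 1.2")):
    """Classify each protocol/role pair by the "Enabled" value the file sets, if any."""
    settings, report = parse_schannel(reg_text), {}
    for proto in protocols:
        for role in ("Client", "Server"):
            enabled = settings.get((proto, role), {}).get("Enabled")
            report[(proto, role)] = ("not set in file" if enabled is None
                                     else "enabled" if enabled else "disabled")
    return report

if __name__ == "__main__":
    for (proto, role), state in audit(PAGE_REG).items():
        print(f"{proto:8} {role:7} {state}")
```

Pairs reported as "not set in file" keep whatever state the operating system already has for them, so check those separately on the host.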

These settings work from Windows Server® 2008 R2 and Internet Information Server (IIS) 7.5 onward. Once the registry values have been set, the operating system must be rebooted. In this context, also read the Microsoft® Knowledge Base article at http://support.microsoft.com/kb/245030.

To verify the encryption method used by the server, Internet Explorer® can be used after adapting the following settings:
Control Panel - Internet Options - Advanced - Security
Use SSL 2.0/3.0: Disable
Use TLS 1.2: Enable

With these changes, a web page delivered over HTTPS can no longer be opened using the insecure SSL 2.0 and 3.0 protocols, but only using TLS.

Afterwards, open the estos UCServer Web Services page in your browser using the URL specified in the Administrator.

Version 5.1