IIS Crypto

IIS Crypto is a free tool that gives administrators the ability to enable or disable protocols, ciphers, hashes and key exchange algorithms on Windows Server 2003, 2008 and 2012. It also lets you reorder SSL/TLS cipher suites offered by IIS, implement best practices with a single click and test your website.

Features

• Single click to secure your site using best practices
• Easily disable SSL 2.0
• Enable TLS 1.1 and 1.2
• Disable other weak protocols and ciphers
• Reorder cipher suites
• Templates for compliance with government and industry regulations – FIPS 140-2 and PCI

What Does IIS Crypto Do?

IIS Crypto updates the registry following this article from Microsoft. We have tested IIS Crypto on Windows Server 2003, 2008, 2008 R2 and 2012 and 2012 R2.Note – Windows Server 2003 does not support the reordering of SSL cipher suites offered by IIS. However, you can still disable weak protocols and ciphers. Also, Windows Server 2003 does not come with the AES cipher suite. Microsoft has a hotfix for this.

Downloads

IIS Crypto requires the .Net Framework version 2.0 or greater. If you are running Windows Server 2012, download the .Net 4.0 version.

• IIS Crypto GUI version 1.4 build 5 (.Net 2.0, 76 KB)
• IIS Crypto GUI version 1.4 build 5 (.Net 4.0, 90 KB)
• IIS Crypto Command Line version 1.4 build 5 (.Net 2.0, 61 KB)
• IIS Crypto Command Line version 1.4 build 5 (.Net 4.0, 75 KB)

Version history can be found here.Note – IIS Crypto requires administrator privileges. If you are running under a non-administrator account, the GUI version will prompt for elevated permissions. The command line version must be run from a command line that already has elevated permissions.