Configuring IIS7 for TLS 1.0 only
Posted
by tomfanning
on Server Fault
See other posts from Server Fault
or by tomfanning
Published on 2010-04-29T18:04:03Z
Indexed on
2010/04/29
18:07 UTC
Read the original article
Hit count: 746
I have been tasked with configuring an IIS7 server to accept TLS 1.0 HTTPS connections only.
I have come up with the following list of cipher suites which I have deduced are TLS 1.0.
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
TLS_DHE_DSS_WITH_AES_128_CBC_SHA
TLS_DHE_DSS_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA
I have put that list in the box in the following policy: Computer Configuration | Administrative Templates | Network | SSL Configuration Settings | SSL Cipher Suite Order
Is that sufficient? Are any of the suites in my list not TLS 1.0? Are there any other TLS 1.0 suites supported by IIS7 that aren't in the list?
The server, by the way, is Windows Server 2008 R2.
Thanks
© Server Fault or respective owner