Configuring IIS7 for TLS 1.0 only

Posted by tomfanning on Server Fault See other posts from Server Fault or by tomfanning
Published on 2010-04-29T18:04:03Z Indexed on 2010/04/29 18:07 UTC
Read the original article Hit count: 746

Filed under:
|
|
|
|

I have been tasked with configuring an IIS7 server to accept TLS 1.0 HTTPS connections only.

I have come up with the following list of cipher suites which I have deduced are TLS 1.0.

TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
TLS_DHE_DSS_WITH_AES_128_CBC_SHA
TLS_DHE_DSS_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA

I have put that list in the box in the following policy: Computer Configuration | Administrative Templates | Network | SSL Configuration Settings | SSL Cipher Suite Order

Is that sufficient? Are any of the suites in my list not TLS 1.0? Are there any other TLS 1.0 suites supported by IIS7 that aren't in the list?

The server, by the way, is Windows Server 2008 R2.

Thanks

© Server Fault or respective owner

Related posts about tls

Related posts about ssl