IIS Crypto Explained

Lately, we have been receiving a lot of questions with regards to what exactly IIS Crypto does. I will do my best to answer these questions in this post.

IIS Crypto was created to simplify enabling and disabling various protocols and cipher suites on the many servers we administer. Originally we had a script that we would execute on each server after the initial setup, however, some servers needed different protocols and cipher suites enabled. We also wanted to see the current configuration of existing servers. Thus IIS Crypto was born.

IIS Crypto simply sets a few registry keys to enable/disable protocols, ciphers and hashes as well as reorder cipher suites. Microsoft has an article explaining all of the settings here. These are the exact keys IIS Crypto uses:

HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\Multi-Protocol Unified Hello\Server
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\PCT 1.0\Server
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server

HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\NULL
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\DES 56/56
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC2 40/128
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC2 56/128
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC2 128/128
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 40/128
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 56/128
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 64/128
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 128/128
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\Triple DES 168/168
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\AES 128/128
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\AES 256/256

HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Hashes\MD5
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Hashes\SHA

HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\KeyExchangeAlgorithms\Diffie-Hellman
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\KeyExchangeAlgorithms\PKCS

Each registry key has an "Enabled" value that is set. The protocols have an additional value named "DisabledByDefault" that is also set.

To reorder the cipher suites, IIS Crypto uses the following keys:

HKLM\SYSTEM\CurrentControlSet\Control\Cryptography\Configuration\Local\SSL\00010002

HKLM\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002

The first registry key contains the list of supported cipher suites on the server. The second registry key is used to set the cipher suites order. These are the same keys that the group policy editor (gpedit.msc) use. Microsoft explains how to do this manually here. The full list of cipher suites supported is here.

IIS Crypto also supports pre-defined templates that can be set with a single button click:

PCI - Disables everything except SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2, RC4 128, Triple DES 168, AES 128, AES 256, MD5, SHA1, DH and PKCS.

FIPS 140-2 - Disables everything except TLS 1.0, TLS 1.1, TLS 1.2, Triple DES 168, AES 128, AES 256, SHA1, DH and PKCS.

BEAST - The same as PCI, but also reorders the cipher suite as follows:

TLS_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_RC4_128_MD5
TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P384
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P384
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P256
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P256
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P384
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_P384
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P256
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P384
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P256
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P384
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
TLS_DHE_DSS_WITH_AES_128_CBC_SHA
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
TLS_DHE_DSS_WITH_AES_256_CBC_SHA

Feel free to leave a comment if you have any questions.

Comments (21) -

By KTL | May 4, 2013 - 02:52

Hi,

Little question on the reordering with BEAST: why do you put RC4 as the preferred?

Would it not be better to have first TLS v1.2 only ciphers (like AES/GCM), then RC4 and then the BEAST vulnerable ciphers from TLS 1.0 and SSL 3.0?

This way, you do not have CBC at first (so the PCI scans should be OK), remain protected against BEAST, promote TLS v1.2 and stay compatible with the old browsers.

By KTL | May 5, 2013 - 12:33

Hi,

Another question: when the PCI template is selected, all ciphers are greyed out in the "SSL Ciphers Suite Order" section but remain selected. When BEAST is selected, one can re-order but by default the 3DES ciphers are deselcted though 3DES is selected in the "ciphers enabled section".
If I press apply, are the 3DES ciphers active or not?

Thanks,

By Jeff | May 6, 2013 - 08:53

Hi,

RC4 is the recommended way to stop the BEAST attack. While I agree that AES/GCM in TLS 1.2 is much better, almost no browsers support it yet. Also all of these scans expect RC4 first in order to pass even though the issue has already been patched by Microsoft (without doing any reordering) ages ago.

For the 3DES, no it is not active when the BEAST button is clicked. This seems like an issue to me. I'll take a look at it. Thanks for the heads up!

- Jeff

By Jeff | May 6, 2013 - 09:07

Hi,

So after some digging, the missing 3DES does seem to be an issue in the latest build. I'll post a new build later this week after we test it with all of the various scans. Thanks again!

- Jeff

By KTL | May 7, 2013 - 01:54

Hi Jeff,

Thanks for the replies. For AES/GCM,I understand that TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P256 and TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P384 would work on W7 and W8 if TLS 1.1 and 1.2 were enabled (which is not the default) in the registry and/or in Internet Explorer. If all Windows 2008 and later servers and all W7 and later clients had this enabled, it would already be a major step forward. I will do a manual re-order on my sites so that AES/GCM are proposed before RC4.

For the issue itself, if you select BEAST and then deselect anything in the upper part, are the related ciphers in the "Cipher Suite Order" supposed to also be unchecked or not? Currently, making any change in the upper part has no effect on the content of the lower part.

Anyway, it is a great tool.

Martin

By Jeff | May 7, 2013 - 10:18

Hi Martin,

Right, the registry key to enable this is the same as the ones listed above but you replace "server" with "client"

HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client

The upper check boxes disable the various protocols, ciphers and hashes in schannel (system wide). The lower check boxes control what IIS offers as part of the TLS negotiation. If you say disabled MD5 but offered TLS_RSA_WITH_RC4_128_MD5 and the client tries to use that cipher suite, the negotiation should fail.

- Jeff

By Alex | May 21, 2013 - 07:31

Great tool! although I am confused as to why there is a PCI and a BEAST option?

I found that when applying the PCI configuration, my PCI ASV scan still flags up with BEAST due to the cipher ordering.

Therefore should the BEAST option not be renamed PCI and the current PCI option removed as it does not achieve compliance?

Alex

By Jeff | May 22, 2013 - 08:14

Hi Alex,

Originally there was only the PCI button. The BEAST button was added due to many requests. However, the BEAST button is actually not needed as Microsoft patched the vulnerability ages ago without having to do a reorder. The problem is none of these scans know that your system has been patched, so they will always fail unless RC4 is the first cipher offered.

- Jeff

By Mark | May 31, 2013 - 08:30

Hello:

Thank You for IIS Crypto.  I think the application is great.  My issue is I have a server that I cannot install .Net 4.0 on the server without braking my application.  At this point rewritting the app to support .Net 4.0 is just not feasible.

Do you have a BEAST version of IIS Crypto that does not require .Net 4.0.

Being that IIS Crypto mainly makes registry changes to disable SSL 2.0 etc.

Can I just make the Registry changes you listed manually to achive the same resilt.

Do they need to be applied in the order given?

Is there more to it.  Please comment if possible.


Thank You

Mark

By Jeff | June 4, 2013 - 12:01

Hey Mark,

I am not sure I follow. There are both .Net 2.0 and 4.0 builds posted on the products page. Both builds are identical other than they target the two different platforms.

- Jeff

By John | July 8, 2015 - 11:41

Hey Jeff,

Just noticed that IIS Crypto adds the 'DisabledByDefault' DWORD value to the SCHANNEL\Protocols\'Protocol'\Server subkey. Actually, 'DisabledByDefault' is set on the 'Client' subkey only. In order to disable a protocol on the server, just the 'Enabled' DWORD value needs to be set on the 'Server' subkey. See https://support.microsoft.com/en-us/kb/245030 (To disable SSL 2.0, follow these stepsSmile for details. Agreed, the KB article you linked to above (support2.microsoft.com/default.aspx) is misleading.

Cheers!

By Jed | July 21, 2015 - 07:59

@John

On the Windows Server 2008 R2 x64 machine I just tested (using ssl-cipher-suite-enum connecting to IIS7.5), setting 'DisabledByDefault' to 0 is required to enable TLS1.1 and TLS1.2.

Thanks to all those who have worked on this awesome tool!

By Alex DeMarco | September 17, 2015 - 10:32

There is a local SSL Cipher Suite order local policy on our webserver.  Should I remove this and let Crypto set this for me?

By Juan Antonio Cerda | October 24, 2015 - 05:35

Today I used IIS Crypto tool with little to know knowledge about Cypher suites and protocols. I selected FIPS-140 and Disabled all SSL Cipher suites  with _CBC_ on it... now I can't RDP into the server and several web apps stopped working. I need help please.

By Steven Tingle | November 18, 2015 - 08:01

This Tool was great once, but doesn't seem to be compliant tp PCI-DSS 3.1. After using the PCI Button on a Domain Controller, Rapid7 Scans still show failures regarding CBC Ciphers and DES/IDEA Ciphers.

Any chance of an upgrade soon?

By php development service in indore | November 19, 2015 - 07:41

CTInformatics has the expertise in Wordpress development, mobile app development, phonegap development , Web development to help you transform your business. We also provide Best service of php development service in indore .

By David Soussan | November 29, 2015 - 07:17

Can I just say THANK YOU FOR THIS AWESOME TOOL!

By website designing indore | December 21, 2015 - 12:46

Great piece of writing, I really liked the way you highlighted some really important and significant points. Thanks so much, I appreciate your work.  

<a href="http://www.iwebsoul.com/";>website development  indore
</a>

By website designing indore | December 24, 2015 - 10:33

The resource that you mentioned here is something that I have been looking from quite a time. And finally it ended with such a nice blog post. Don’t have words to thank you.
<a href="http://www.iwebsoul.com/";>website desiging   indore
</a>

By Oliver | June 8, 2016 - 10:10

Isn't that BEAST option should not be renamed PCI?

By Jammie tam | September 13, 2016 - 10:41

Valuable commentary , Apropos , if someone needs a Freddie Mac 3291 , my colleague edited a fillable document here http://goo.gl/llXrkp

Add comment