Comments (20) -

By Dom | August 3, 2016 - 08:41

Thanks! you've saved me tons of time with this tool. Greatly appreciated!

By Rob H | August 23, 2016 - 07:58

Kudos for making - and updating - such a fantastic tool! Smile

By Rob | September 20, 2016 - 08:49

Guys,

Does anyone know if this will work on a Server 2008 (non R2) instance?

Thanks

By KAI | October 10, 2016 - 03:07

How it is support TLS1.3 for windows 2012 IIS?

By Blake | November 9, 2016 - 09:46

Great tool very useful.  Using CLI I was able to remove SWEET32 SSL vulnerability from 1300 devices.  

By Sad Pencil | November 12, 2016 - 03:53

Many thanks to this software!

By Tom Jerry | December 21, 2016 - 10:52

Hi,

Due to The SWEET32 Issue, CVE-2016-2183, 3DES cipher should be disabled when Best Practices is used under Cipher Suites.
And thank you for this great software.

By yon | January 31, 2017 - 03:23

when the tool support for IIS10 and TLS1.3 ?

By yon | January 31, 2017 - 03:24

TLS 1.3 now removes obsolete and insecure features from TLS 1.2, including the following:

SHA-1
RC4
DES
3DES
AES-CBC
MD5
Arbitrary Diffie-Hellman groups — CVE-2016-0701
EXPORT-strength ciphers – Responsible for FREAK and LogJam
Three TLS current 1.3 test servers to play with: https://enabled.tls13.com/ , https://www.allizom.org/ and https://tls13.crypto.mozilla.org/.

This streamlining also makes TLS 1.3 much simpler to configure for server operators.

By Sorean | March 5, 2017 - 04:49

IIS Crypto reaches out to mail.nartac.com during SSL removal with TCP connect
It preforms TCP TCPCopy, TCP Send TCP Receive commands. Why is it reaching out  to your servers across the net?

By Jeff | March 5, 2017 - 08:22

Hi,

It reaches out to update.nartac.com which is the same IP address as mail.nartac.com. It does a check for updates. That is the only external server it hits.

- Jeff

By Shane Willoughby | March 6, 2017 - 03:24

Thank you kindly for designing and providing this tool! I don't think it could have been made to work any easier!

By Test | August 10, 2017 - 04:01

what is mean by set client side protocols?

By Datakonsulenten | November 20, 2017 - 11:15

The certificate your exellent software is signed with is out of date.
On systems running strict security (app locker)  - this makes it impossible to start.
Is it possible for you to fix this?
Thanks!

By Anonymous-admin | May 1, 2018 - 02:54

In July 2017, Microsoft released update KB4019276 to add TLS1.1 and TLS1.2 to Server 2008 (Windows 6.00) Service Pack, will there be an updated version of IISCrypto supporting this, or will everybody have to revert back to manual configuration again?

By John | June 12, 2018 - 02:53

I know this question has been asked before but it hasn't been answered.

I am running a website Asp.Net + IIS 8.5.

I have the enable client side protocol set - What does it do, need to keep it set? I have no control over clients (browser)? Do I need to keep it ticked?

By Matt | June 18, 2018 - 09:07

Bug Report

Version: Version 2.0 Build 11, both GUI and CLI
Windows: Server 2016 Datacenter, Azure VM, fully patched (June cumulative).

Crash on launch of GUI, or crash when trying to apply template via CLI.

Errors from Event viewer and CLI
KERNELBASE.DLL and System.InvalidCastException

By Scot | July 18, 2018 - 10:07

Hi.  I am also getting the same System.InvalidCastException when trying to run IISCrypto GUI or CLI on Windows 2012 Datacenter with IIS 8.0

I backed up the SCHANNEL tree in the registry, removed the enabled keys for in Ciphers and Protocols as someone suggested here:   www.nartac.com/.../IIS-Crypto-Explained.aspx

After that IISCrypto GUI ran without issues.

By Balashanmugam S | August 13, 2018 - 01:14

After Installing the ICC Server Hardening  modules application was running fine, But all of the sudden  server (windows 2008
and windows 2016  servers )got rebooted , TLS 1.2 registry values are not  reflected .Application is also not working.

By Ewald Bracko | September 12, 2018 - 10:27

Is it planned to release a new version of IISCrypto anytime soon which reflects the new requirements of PCI 3.2 and also handles the new  cipher suites?
There were quite some changes since 2016...

By john | September 14, 2018 - 05:33

good sound

Add comment