IIS Crypto requires Windows Server 2008 and the .Net 4.0 framework or greater. Both GUI and command line versions are available.

IIS Crypto GUI

Version 2.0 (217 KB)

Download

IIS Crypto CLI

Version 2.0 (137 KB)

Download
Older versions of IIS Crypto that run on Windows Server 2003 or .Net 2.0 can be found here.

Version 2.0 Build 11 - Released July 15, 2016

  • Full version information to About tab
  • Crash when run from a network share

Version 2.0 Build 10 - Released July 8, 2016

  • Complete application and GUI redesign
  • Built-in and custom templates support
  • Windows 10 and Windows Server 2016 support
  • Schannel client side protocols
  • Automatic and manual check for updates
  • All cipher suites are loaded from the OS list of defaults
  • Add your own cipher suites if they are not in the OS list of defaults
  • PCI 3.1 template
  • Custom templates in the same folder as IIS Crypto are added to the template list automatically
  • Reboot switch for the console application
  • Dropped support for Windows 2003 and lower
  • Changed cipher suite order for Best Practices template and now includes DSA certificates
  • UI is now resizable
  • Warning messages for disabling TLS 1.0 in Windows Server 2008 and 2008 R2 for RDP support
  • Executables are now dual signed with SHA1 and SHA256
  • Console application now takes built-in templates and external files as parameters
  • Triple DES 168/168 was renamed to Triple DES 168 for Windows Server 2008 and newer
  • Unchecking all cipher suites when none are specified caused all to be checked instead of unchecked

Version 1.6 Build 7 - Released November 17, 2014

  • Additional cipher suites for all platforms due to MS14-066
  • Triple DES 168/168 was changed to Triple DES 168 in Vista/2008 and newer
  • PCI button now disables SSL 3.0 and RC4 128/128
  • Missing cipher suites TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256

Version 1.5 Build 6 - Released November 8, 2014

  • New cipher suites: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_256_GCM_SHA384 and TLS_RSA_WITH_AES_128_GCM_SHA256 for Windows 2012 R2
  • New hashes: SHA 256, SHA 384 and SHA 512
  • New key exchange: ECDH
  • Check all and uncheck all buttons for the cipher suite order
  • Best Practices has updated the cipher suite order to exclude RC4 encryption and DSA certificates
  • Disabled SSL 3.0 for Best Practices because of the POODLE attack
  • Hide TLS 1.1 and 1.2 for Windows 2008 (not R2) and lower
  • IIS Crypto now looks for both 0xffffffff and 0x1 for Enabled values in the registry
  • Warning message if TLS 1.0 is unchecked and Remote Desktop is set to use it
  • Cipher suite order for TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P521 and TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P521

Version 1.4 Build 5 - Released November 5, 2013

  • Best practices template and command line option
  • Help button with FAQ link
  • Qualys SSL server test
  • Cipher suites are no longer loaded from the registry as they are not all included
  • Cipher suites are listed in the best practices order if none have been selected
  • Cipher suites are only checked or unchecked when the checkbox is clicked
  • Reordered the template buttons
  • Removed the BEAST template button and command line option

Version 1.3 Build 4 - Released December 12, 2012

  • .Net 4.0 executables for Windows 2012
  • BEAST button and command line option to re-order the cipher suite to put RC4 at the top
  • Message for unsupported SSL Cipher Suite Order in Windows 2003
  • Minor GUI issues

Version 1.2 Build 3 - Released August 28, 2012

  • Invalid timestamp for executable signature
  • When running under a non-administrator account, IIS Crypto crashes with a System.Security.SecurityException

Version 1.1 Build 2 - Released February 26, 2012

  • A new command line version
  • License agreement dialog on first run
  • Warning dialog if the SSL Cipher Suite Order is changed
  • Default settings are now restored after the Apply button is clicked
  • DisabledByDefault is set for protocols, this will fix support for TLS 1.1 and TLS 1.2
  • SSL Cipher Suite Order not being displayed correctly

Version 1.0 Build 1 - Released May 6, 2011

  • Initial version