SSL with 256bit Strength

We have TMG 2010 and publish a website with SSL. The certificate supports 128-bit up to 256-bit encryption. How can we force it to use 256-bit only?

Mark

August 4th, 2011 1:06pm

Hi,

Thank you for the post.

In order to get IIS7 to do 256-bit encryption, we have to ensure the cipher suite that is listed first is the following: TLS_RSA_WITH_AES_256_CBC_SHA

In order to change the Cipher Suite order we can do the following:

- Run gpedit.msc from the command line

- within the Group Policy Object Editor, expand Computer Configuration, Administrative Templates, Network.

- Under Network, select SSL Configuration and then double click on SSL Cipher Suite Order

- By Default the SSL Cipher Suite Order is set to "Not Configured"

- To enable 256-bit encryption, select the "enabled" radio button

- Within the SSL Cipher Suites text box, remove TLS_RSA_WITH_AES_128_CBC_SHA or at least place it behind TLS_RSA_WITH_AES_256_CBC_SHA.

TLS_RSA_WITH_AES_256_CBC_SHA has to be the first cipher suite listed in order for us to connect with 256-bit encryption.

Once the steps above have been completed, restart the server for the changes to take effect. Now we can browse a page served on the IIS7 server and confirm it is using 256-bit encryption. To do this, right-click on the page, select Properties, and you should see the following:

TLS 1.0, AES with 256 bit encryption (High); RSA with 1024 bit exchange

Regards,
August 5th, 2011 11:20am
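The following script is an added example, not code from any reply in this thread. It applies the reordering the steps above describe by writing the registry value that the "SSL Cipher Suite Order" policy sets, and by default only prints the proposed order. It assumes an elevated PowerShell session, the two registry paths shown (the policy location and the schannel default list), and that matching on the AES_256 / AES_128 substrings of the suite names is sufficient for the suites in use.

```powershell
# Added example (not from the thread): put TLS_RSA_WITH_AES_256_CBC_SHA and the other
# AES-256 suites ahead of AES-128 in the policy cipher suite order.
# Assumed registry locations for the "SSL Cipher Suite Order" policy and the OS default list.
param(
    [switch]$DropAes128,   # remove AES-128 suites entirely instead of just demoting them
    [switch]$Apply         # without this switch the script only prints the proposed order
)

$policyKey  = 'HKLM:\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002'
$defaultKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Cryptography\Configuration\Local\SSL\00010002'

function Get-CurrentCipherSuites {
    # The policy value is a comma-separated REG_SZ; the default list is a REG_MULTI_SZ.
    $policy = (Get-ItemProperty -Path $policyKey -Name Functions -ErrorAction SilentlyContinue).Functions
    if ($policy) { return $policy -split ',' }
    return (Get-ItemProperty -Path $defaultKey -Name Functions).Functions
}

function Get-OrderedCipherSuites {
    param([string[]]$Suites, [switch]$DropAes128)
    # Stable partition: AES-256 suites first, everything else keeps its relative order.
    $aes256 = @($Suites | Where-Object { $_ -match 'AES_256' })
    $rest   = @($Suites | Where-Object { $_ -notmatch 'AES_256' })
    if ($DropAes128) { $rest = @($rest | Where-Object { $_ -notmatch 'AES_128' }) }
    return $aes256 + $rest
}

$ordered = Get-OrderedCipherSuites -Suites (Get-CurrentCipherSuites) -DropAes128:$DropAes128
$value   = $ordered -join ','

Write-Host 'Proposed cipher suite order (first entry wins):'
$ordered | ForEach-Object { Write-Host "  $_" }

if (-not $Apply) { return }

# The policy string has a 1023-character limit; refuse to write a list that exceeds it.
if ($value.Length -gt 1023) {
    throw "Cipher suite list is $($value.Length) characters; trim it below 1023."
}

# Writing this value is what setting the policy to Enabled in gpedit.msc does.
# A reboot is still needed for schannel to pick it up. Reordering is safer than removing
# suites: the later reply in this thread reports RDP breaking on Server 2012 after the change.
New-Item -Path $policyKey -Force | Out-Null
Set-ItemProperty -Path $policyKey -Name Functions -Value $value -Type String
Write-Host "Policy written to $policyKey; reboot for the new order to take effect."
```

Run it once without -Apply to review the order, then with -Apply to write it; verify afterwards with the page Properties check described above.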

Hi!

I am also having the same issue. I have already done as suggested in this thread.

I have installed a godaddy.com Wildcard SSL certificate on a server which is in a datacenter. The server is Windows 2008 R2 with Service Pack 1 and is running IIS 7.5.
I am trying to make it 256-bit SSL. I have applied all suggestions given in the following guide:
http://derek858.blogspot.in/2010/06/enable-tls-12-aes-256-and-sha-256-in.html
But it's still showing 128 bit SSL in my sites https://admin.chatware.com  & https://service11.chatware.com

Please help!

Asim Chandra

February 10th, 2012 3:37pm

It would appear that, following this change on Windows Server 2012, Remote Desktop fails to self-sign its certs and you can no longer RDP into a machine.

July 11th, 2013 10:44pm