Configuring SSL/TLS made easy

I’ll admit, I find the configuration of SSL and TLS something of a mystery – I like to leave that stuff to the admin guys and get on with the coding. It’s something of a black art, and there seem to be so many obscurely named vulnerabilities that it’s a bit difficult to handle without being a specialist. (Heartbleed? Bar Mitzvah? Lucky 13? Poodle? I mean, seriously, POODLE?)

However, I was recently given a PowerShell script and told to ‘fix these servers’ – and it was very easy.

The script I used came from http://www.hass.de – Setup your IIS for SSL Perfect Forward Secrecy and TLS 1.2. There are two scripts attached to the bottom of that page.

  • v1.4 – Doesn’t support RC4
  • v1.3 – Does support RC4

Why would you want to support the RC4 cipher when it’s known to be weak? Well, unfortunately, it’s the best of a bad bunch for supporting Internet Explorer 8 running on Windows XP (yes, some people still use that).

I chose v1.3, and ran the PowerShell, rebooted and… it worked. Checking with the online SSL checkers from HT Bridge and SSLLabs got A- and B respectively. This is considerably better than the F grade before we ran it.
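To confirm locally which of the two configurations a server ended up with (RC4 still offered or not, old protocols off), the SCHANNEL settings can be read back from the registry after the reboot. This is an added example, not part of the hass.de scripts; it assumes the standard Windows SCHANNEL registry layout, and the function names `Get-SchannelValue` and `Format-State` are made up for illustration. It only reads values.

```powershell
# Added example: read-only audit of the server-side SCHANNEL settings.
# A missing key or value means "OS default", which differs between Windows versions.
$base = 'SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL'

function Get-SchannelValue {
    param([string]$SubKey, [string]$Name)
    # Use the .NET registry API rather than the HKLM: drive: cipher key names
    # such as 'RC4 128/128' contain '/', which the PowerShell provider
    # interprets as a path separator.
    $key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey("$base\$SubKey")
    if ($null -eq $key) { return $null }
    try { return $key.GetValue($Name, $null) } finally { $key.Close() }
}

function Format-State {
    param($Value)
    if ($null -eq $Value) { return 'not set (OS default)' }
    if ($Value -eq 0)     { return 'disabled' }
    return 'enabled'      # Enabled is normally written as 0xffffffff
}

$report = @()

# Protocol versions, as seen by the server side (IIS).
foreach ($p in 'SSL 2.0', 'SSL 3.0', 'TLS 1.0', 'TLS 1.1', 'TLS 1.2') {
    $report += [pscustomobject]@{
        Kind  = 'Protocol'
        Name  = $p
        State = Format-State (Get-SchannelValue "Protocols\$p\Server" 'Enabled')
    }
}

# RC4 variants: 'enabled' here means the server still offers RC4.
foreach ($c in 'RC4 40/128', 'RC4 56/128', 'RC4 64/128', 'RC4 128/128') {
    $report += [pscustomobject]@{
        Kind  = 'Cipher'
        Name  = $c
        State = Format-State (Get-SchannelValue "Ciphers\$c" 'Enabled')
    }
}

$report | Format-Table -AutoSize

# Summarise the RC4 decision in one line.
$rc4On = @($report | Where-Object { $_.Kind -eq 'Cipher' -and $_.State -eq 'enabled' })
if ($rc4On.Count -gt 0) { "RC4 is offered: $($rc4On.Name -join ', ')" }
else                    { 'No RC4 cipher is explicitly enabled.' }
```

Run it in an elevated PowerShell session on the server itself; the external scanners remain the check on what clients can actually negotiate.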

Thank you Alexander Hass, you just made my day much easier.
