Nartac Software Blog

IIS Crypto Updated

Sat, 16 Jul 2016 10:06:00 +0000

We just published a minor update of IIS Crypto. If you have been experiencing a crash while running from a network share, this resolves the issue.

Cipher Suites Renamed in Windows Server 2016

Tue, 12 Jul 2016 11:15:00 +0000

After testing IIS Crypto 2.0 we ran into an issue with soon to be released Windows Server 2016. All of the Qualys SSL scans were not recognizing the order of the cipher suites configured by IIS Crypto. It turns out that Microsoft quietly renamed most of their cipher suites dropping the curve (_P521, _P384, _P256) from them. This reduced most suites from three down to one. However, this threw us a bit of a curve ball as now IIS Crypto's configuration and all of the templates needed to support OS version checking. We added this in one of the beta versions, retested and sure enough the scans were now showing the correct cipher suite order.

Default Cipher Suites in Windows Server

Mon, 11 Jul 2016 13:05:00 +0000

While testing the latest version of IIS Crypto, we researched all of the cipher suites for each operating system. Unfortunately there is little up-to-date documentation on the default cipher suites included or their order for TLS negotiation. We ended up extracting the list by logging into every fully patched version of Windows Server and exporting the proper registry key values. The full list can be found here.

IIS Crypto 2.0 Released!

Fri, 08 Jul 2016 14:20:00 +0000

We are happy to announce that IIS Crypto 2.0 has been released! This new version is a complete rewrite and has a brand new interface. Some new features include creating custom templates, Windows Server 2016 support, add your own cipher suites, check for updates and much more. The full change log can be found on our download page. We have also updated the documentation and FAQ.

Thank-you everyone for all of your comments and feedback!

New SSL/TLS Attack - FREAK

Thu, 05 Mar 2015 14:14:00 +0000

A new SSL/TLS vulnerabilty was recently discovered dubbed "FREAK". Originally it was thought that only OpenSSL was vulnerable, however, Microsoft just issued an advisory (3046015) describing the affected versions of Windows. The default configuration of Windows 2003 is vulnerable, however, Windows 2008 and above are not affected in the default configuration. The Best Practices template in IIS Crypto solves this by removing the affected cipher suites.

MS14-066 Updated

Tue, 18 Nov 2014 14:26:00 +0000

Microsoft has just released an update for MS14-066. All this update does is remove TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_128_GCM_SHA256 from the default cipher suite list for Windows 2008 R2 and Windows 2012. It does not update Windows 2012 R2. This seems like a temporary measure until Microsoft figures out what the real issue is. In the mean time, make sure that those cipher suites are unchecked in IIS Crypto.

IIS Crypto 1.6 Released with Updates for MS14-066

Mon, 17 Nov 2014 18:30:00 +0000

IIS Crypto 1.6 has been released. This version adds the 4 additional cipher suites that were updated as part of the MS14-066 (KB2992611) patch. Along with some minor fixes, the PCI template now disables SSL 3.0 and RC4. Full version history can be found here.

Microsoft released a patch named MS14-066 on November 11, 2014 to address a vulnerability in SChannel that could allow remote code execution. The patch includes 4 new cipher suites for Windows Server versions 2003 through 2012 R2. Previously only Windows Server 2012 R2 had these cipher suites. On November 16, Microsoft updated the advisory stating that they found an issue with the new cipher suites they introduced. If you have applied this patch and are running into connection issues with clients, the work around is to disable the following cipher suites: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_256_GCM_SHA384 and TLS_RSA_WITH_AES_128_GCM_SHA256. Using IIS Crypto simply uncheck these cipher suites, click Apply and reboot your server.

IIS Crypto 1.5 and Attack of the POODLE

Sat, 08 Nov 2014 11:40:00 +0000

A new version of IIS Crypto has been released. This updates the Best Practices template to disable SSL 3.0 because of the POODLE attack. Best Practices also has an updated cipher suite order and excludes RC4 encryption and DSA certificates. Addtional cipher suites have been added to Windows Server 2012 R2. Full version history can be found here. Check the updated FAQ for more help.

Thanks to everyone for the feedback and help with testing!

IIS Crypto 1.4 Released

Tue, 05 Nov 2013 16:25:00 +0000

IIS Crypto 1.4 has finally been released. Along with the usual bug fixes, version 1.4 adds in a new Best Practices template which prefers forward secrecy cipher suites with the highest key length. The BEAST template has been removed as RC4 is now considered much weaker than previously was known. A good explaination can be found here. Finally, the SSL scanner from Qualys is now built in so you can scan your website directly from IIS Crypto.

IIS Crypto Explained

Fri, 19 Apr 2013 08:18:00 +0000

Lately, we have been receiving a lot of questions with regards to what exactly IIS Crypto does. I will do my best to answer these questions in this post.

IIS Crypto was created to simplify enabling and disabling various protocols and cipher suites on the many servers we administer. Originally we had a script that we would execute on each server after the initial setup, however, some servers needed different protocols and cipher suites enabled. We also wanted to see the current configuration of existing servers. Thus IIS Crypto was born.

IIS Crypto simply sets a few registry keys to enable/disable protocols, ciphers and hashes as well as reorder cipher suites. Microsoft has an article explaining all of the settings here. These are the exact keys IIS Crypto uses:

HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\Multi-Protocol Unified Hello\Server
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\PCT 1.0\Server
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server

HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\NULL
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\DES 56/56
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC2 40/128
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC2 56/128
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC2 128/128
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 40/128
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 56/128
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 64/128
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 128/128
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\Triple DES 168/168
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\AES 128/128
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\AES 256/256

HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Hashes\MD5
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Hashes\SHA

HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\KeyExchangeAlgorithms\Diffie-Hellman
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\KeyExchangeAlgorithms\PKCS

Each registry key has an "Enabled" value that is set. The protocols have an additional value named "DisabledByDefault" that is also set.

To reorder the cipher suites, IIS Crypto uses the following keys:

HKLM\SYSTEM\CurrentControlSet\Control\Cryptography\Configuration\Local\SSL\00010002

HKLM\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002

The first registry key contains the list of supported cipher suites on the server. The second registry key is used to set the cipher suites order. These are the same keys that the group policy editor (gpedit.msc) use. Microsoft explains how to do this manually here. The full list of cipher suites supported is here.

IIS Crypto also supports pre-defined templates that can be set with a single button click:

PCI - Disables everything except SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2, RC4 128, Triple DES 168, AES 128, AES 256, MD5, SHA1, DH and PKCS.

FIPS 140-2 - Disables everything except TLS 1.0, TLS 1.1, TLS 1.2, Triple DES 168, AES 128, AES 256, SHA1, DH and PKCS.

BEAST - The same as PCI, but also reorders the cipher suite as follows:

TLS_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_RC4_128_MD5
TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P384
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P384
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P256
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P256
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P384
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_P384
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P256
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P384
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P256
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P384
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
TLS_DHE_DSS_WITH_AES_128_CBC_SHA
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
TLS_DHE_DSS_WITH_AES_256_CBC_SHA

Feel free to leave a comment if you have any questions.