/ #yolosec Mon, 27 Jun 2022 04:55:35 +0000 en-US hourly 1 https://wordpress.org/?v=6.9 /2016/02/iis-8-with-ecc-certificates-increasing-your-ssl-security-on-windows-server-2012/ Fri, 12 Feb 2016 10:20:26 +0000 /?p=2624 What is an ECC Certificate and why would you need one? The main difference with an Elliptic Curve Cryptography (ECC) certificate is with how the certificate is signed, in this case the Elliptic Curve Digital Signature Algorithm (ECDSA) is used vs the standard RSA we are used to seeing. Once you have a certificate signed […]

The post IIS 8 with ECC certificates – increasing your SSL Security on Windows Server 2012 first appeared on RobWillis.info.]]> /2015/10/hardening-ssl-tls-connections-on-windows-server-2008-r2-2012-r2/ Wed, 21 Oct 2015 10:02:34 +0000 /?p=2455 Hardening your SSL/TLS connections is a pretty common thing to do on any Windows Server running IIS and web applications that utilize HTTPS, especially if they require some sort of compliance. It is generally a good idea to do this on all of your servers though, to ensure your secure connections really are secure. On […]

The post Hardening SSL & TLS connections on Windows Server 2008 R2 & 2012 R2 first appeared on RobWillis.info.]]> /2015/08/disabling-tls-1-0-with-ms-sql-2014-services-wont-start/ Sun, 16 Aug 2015 08:22:32 +0000 /?p=2417 Update – 2.1.2016 – I would really only use this as a last resort and I highly recommend testing this solution prior to putting it into production. At this time it does not appear that all of SQL’s features fully support disabling TLS 1.0 and you may run into issues with things like Reporting Services(SSRS). […]

The post Disabling TLS 1.0 with MS SQL 2012/2014 – Services won’t start & SSMS fails to connect first appeared on RobWillis.info.]]> /2015/05/fix-obsolete-cryptography-warning-in-chrome-on-iis-8/ Sat, 02 May 2015 09:01:40 +0000 /?p=2375 Update – 2.2.2016 – The ciphers originally listed in this post no longer work to fix the obsolete cryptography warning as Google has upped the requirement from DHE with AES_128_GCM to ECDHE with AES_128_GCM or CHACHA20_POLY1305. The only ciphers we have on Windows that are close to this requirement are all ECDHE-ECDSA which will require […]

The post Fix the obsolete cryptography warning in Chrome on IIS 7 & 8 first appeared on RobWillis.info.]]> /2013/09/iis-77-5-hardening-ssl-tls-windows-server-2008-r2/ Sat, 21 Sep 2013 00:40:52 +0000 /?p=2098      One of the first steps you should do when deploying a new public facing web server is hardening your server’s SSL/TLS connections. Disabling vulnerable protocols, ciphers, hashes and key exchange algorithms can help mitigate the now more common exploits like the BEAST attack. By default many weaker technologies are enabled, leaving IIS traffic vulnerable and […]

The post IIS 7/7.5 Hardening SSL TLS – Windows Server 2008 R2 first appeared on RobWillis.info.]]>