IIS Crypto 3.1 has been released! This version is a minor update to fix a couple of issues. We are working on a larger update that will include a bunch of new features. Download the latest here.
We are happy to announce that IIS Crypto 3.0 has been released! This version adds advanced settings, registry backup, new templates with a simplified format, Windows Server 2019 support and much more. The full change log can be found on the download page. We have also added a new support site and blog.
Thank-you to all of our beta testers and for everyone’s suggestions and support over the years. It is much appreciated!
We just published a minor update of IIS Crypto. If you have been experiencing a crash while running from a network share, this resolves the issue.
After testing IIS Crypto 2.0 we ran into an issue with soon to be released Windows Server 2016. All of the Qualys SSL scans were not recognizing the order of the cipher suites configured by IIS Crypto. It turns out that Microsoft quietly renamed most of their cipher suites dropping the curve (_P521, _P384, _P256) from them. This reduced most suites from three down to one. However, this threw us a bit of a curve ball as now IIS Crypto’s configuration and all of the templates needed to support OS version checking. We added this in one of the beta versions, retested and sure enough the scans were now showing the correct cipher suite order.
While testing the latest version of IIS Crypto, we researched all of the cipher suites for each operating system. Unfortunately there is little up-to-date documentation on the default cipher suites included or their order for TLS negotiation. We ended up extracting the list by logging into every fully patched version of Windows Server and exporting the proper registry key values. The full list can be found here.