A new version of IIS Crypto has been released. This new version adds in a BEAST template to re-order the SSL cipher suite putting RC4 at the top to mitigate the attack. We have also added .Net 4.0 binaries for Windows 2012 as it does not install .Net 2.0 by default.
Category: Security
IIS Crypto has been updated to fix the security exception issue if it is run under a non-administrator account. Thanks for all of the bug reports, keep them coming!
Microsoft has issued an advisory (2588513) to enable TLS 1.1 on both the client and server. This all stems from the recently disclosed vulnerability in the TLS 1.0 protocol. One of the main reasons why we wrote IIS Crypto was to make it easy for administrators to enable TLS 1.1 and 1.2. We are happy to see Microsoft take this issue seriously and hope many server administrators will as well.
