Disable SSLV2, SSL 3 & Weak SSL Ciphers on IIS, Enable TLS 1.2

Disabling SSLV2 (SSL Version 2), SSLv3 (SSL Version 3) and Weak Ciphers with 40 and 56 bit keys is a maze of settings in Regedit. You can also use this tool to enable TLS 1.1 and TLS 1.2 on Windows Servers. Our GUI allows you to disable weak ciphers and SSL protocols with the click of a button. Watch a video to see how easy it is.

Starting at $39

Need More than 50 Licenses? Please Request a Quote

Requires .NET Framework 2.0 or Greater, Windows Server


Check Your Server:

SSL Domain:

"It's a no brainer. The product just saved me time, money and a big headache."

Gerald T. - Sacramento State University

Have you disabled weak ciphers and protocols on your Microsoft Internet Information Server (IIS)? Weak SSL Protocols Ciphers are often enabled by default on Microsoft IIS servers. If you accept credit cards on your site, chances are you must comply with PCI which states that you must only allow Strong cryptography and security protocols.

PCI DSS Question 4.1 Are strong cryptography and security protocols, such as SSLTLS, SSH or IPSEC, used to safeguard sensitive cardholder data during transmission over open, public networks
PCI DSS Question 4.1 (c) Are security protocols implemented to use only secure configurations, and not support insecure versions or configurations?

For Example on a Windows 2003 or 2008 Server the following protocols will be enabled by default:

The following Ciphers may be enabled on Windows 2003 or 2008 by default:

You must disable weak ciphers that use 40 bit keys (such as RC2 40/128 and RC4 40/128), or 56 bit keys (such as DES 56/56 or RC4 56/128), you should require key length of at least 128 bits.


Frequently Asked Questions about Disabling SSL Protocols & Ciphers

Will I loose customers by rejecting HTTPS connections with SSL v2, PCT 1.0, and 40 or 56 bit keys?

The chances of a customers browser not supporting strong cryptography is very small these days. All Modern browsers (IE7+, Firefox, Google Chrome, Opera) do not even ship with SSLv2 enabled.

Because todays merchant standards require strong cryptography, for online credit card transactions the potential customer would not be able to do business on most ecommerce sites.

Which SSL Protocols are Considered Weak, and should be disabled?

The PCT 1.0 and SSL 2.0 are considered weak. When you click the Uncheck Weak Ciphers / Protocols button in our IIS SSL Cipher tool these protocols will be unchecked.

As of October 2014, the SSL3 protocol is also considered weak, due to the POODLE vulnerability (CVE-2014-3566). Disabling SSLv3 may impact older HTTPS clients, such as IE6 on Windows XP. When you click the Uncheck Weak Ciphers / Protocols the SSLv3 protocol is NOT unchecked, you must do this manually if you wish to disable SSLv3.

Which Ciphers are Considered Weak, and should be disabled?

The ciphers DES 56/56, NULL, RC2 40/128, RC4 40/128, and RC4 56/128 are considered weak. When you click the Uncheck Weak Ciphers / Protocols button in our IIS SSL Cipher tool these ciphers will be unchecked.

What versions of IIS do I need to run this tool on?

As of this writing all versions of IIS 3 - 8, require a change in default SSL and TLS protocol support, future versions may require this as well.

What versions of windows are supported?

Because this tool is built with the .NET framework it can run on any version of Windows as long as you have the .NET Framework (2.0 or greater) installed. You can obtain the latest version here.

Does this EXE work on 32 / 64 bit servers?

Yes, both.

Does it work on Windows 2012 with IIS 8?

Yes, it works on Windows 2012 Servers running IIS 8. Windows 2012 enables TLS 1.1 and TLS 1.2 by default, but it also enables SSL 3.0 and TLS 1.0. You can use this tool to disable SSL and TLS protocols as needed.

Can I enable TLS 1.1 or TLS 1.2 on Windows 2008 R2 with this app?

Yes - TLS 1.1 and TLS 1.2 are not enabled by default on Windows 2008r2, but you can use this app to enable or disable these protocols.

Does it work on Windows 2008 with IIS 7?

Yes, it works on Windows 2008 Servers running IIS 7 or Windows 2008r2 servers running IIS 7.5.

Note that Windows 2008 and lower do not support TLS 1.1 or TLS 1.2. Windows 2008 R2 does support TLS 1.1 and TLS 1.2 protocols but they are disabled by default, you can use this tool to enable TLS 1.2 and TLS 1.1 on Windows 2008r2.

What about Windows 2003 with IIS 6?

Yes, it works on Windows 2003 as well as earlier versions of Windows and IIS. However these operating systems do not support TLS 1.1 and TLS 1.2, upgrade to Windows 2008r2 or greater.

My Security Scanning Company Said ... will this program help fix my problem?

Here are some common things your security company might say:

If your security company is saying one of the above, and you use IIS, you simply need to purchase this product, and run it to correct the problem. If your security scanning vendor is saying something else please Contact Us and we will let you know if we can help.

Newsletter:
  Privacy Policy