[Ach] FYI: Setup your IIS for SSL Perfect Forward Secrecy and TLS 1.2

Andreas Mirbach a.mirbach at me.com
Mon Feb 2 18:45:23 CET 2015


Powershell is great, you can configure and automate everything. Just link a unix based system.
I can review this script if you like.
The main problem with IIS is, that it is very different to apache and so on.
I agree that we need to translate the cipher strings to match the IIS notation.

best regards Andreas
> On 02 Feb 2015, at 15:18, Pepi Zawodsky <pepi.zawodsky at maclemon.at> wrote:
> 
> Hoi!
> 
> On 01 Feb 2015, at 01:12, Aaron Zauner <azet at azet.org> wrote:
>> Pepi Zawodsky wrote:
>>> Just got this guide handed by Hetti for setting up IIS.
>>> 
>>> https://www.hass.de/content/setup-your-iis-ssl-perfect-forward-secrecy-and-tls-12
>>> 
>>> Doesn't look too bad when used with our cipher strings.
>> 
>> How does that work exactly? Any changes/patches to this script that
>> you'd mind sharing?
> How would I know? My last contact with Microsoft products was DOS 2.11. I had hoped the Windows guys here would chime in with praise and critique.
> 
>> This PowerShell Script still uses CBC mode all over the place, and I
>> don't think that you can use re-use the OpenSSL cipherstring :)
> We need to translate our cipher strings.
> 
> What I like is the idea of automation. Even if that needs some work. Should we try to invite the author here for working on improvements together?
> 
> Best regards
> Pepi
> _______________________________________________
> Ach mailing list
> Ach at lists.cert.at
> http://lists.cert.at/cgi-bin/mailman/listinfo/ach

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 842 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.cert.at/pipermail/ach/attachments/20150202/d84eb1ef/attachment.sig>


More information about the Ach mailing list