When you are in charge of fixing vulnerabilities or troubleshooting software encrypted communication issues, you often have to deal with upgrading or fixing cipher suites. It’s often complex depending on the vendor, to access, customize or even know which cipher suites are available.
For Windows Server, a company called Nartac provides a free tool called IIS Crypto, that will help you configure your servers security in a snap!
Using IIS Crypto with a GUI
Nartac offers two versions of its tool, the one which come the GUI and the CLI version. I would recommand to install the GUI version to get familiar with it, you will see which suites and schannel are available on your system, understand how the product works, and finally you will be able to create custom templates to use with the GUI or, even better, with the CLI.
IIS Crypto CLI
Once you’re comfortable with IIS Crypto, and especially if you have many servers to manage, I would highly recommend going with the CLI version.
You can deploy IIS Crypto through chocolatey and then apply a pre-existing template, or a custom one depending on your needs:
