AsiaTech: Microsoft APGC Internet Developer Support Team

We focus on various troubleshooting plan and solution on IIS web platform and distributed applications

How to use 256 bit SSL in IIS 6.0

How to use 256 bit SSL in IIS 6.0

  • Comments 4

 

3 steps:

 

1.       Install the fix http://support.microsoft.com/kb/948963 which will install the cipher sutes AES 128 and AES 256.

2.       The order of cipher suites on Windows 2003 is hard-coded. AES 128 is the highest priority. AES 256 is the next. We only need to disable AES 128 then AES 256 will have the highest priority.

a.       Open regedit.exe on IIS 6.0 machine.

b.      Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers. You should be able to find there are many subkeys, e.g.  AES 128/128.

c.       In subkey AES 128/128, create a DWORD value “Enabled”. Set it as the value 0. It means we would disable AES 128.

3.       Reboot the IIS 6.0 machine.

 

On Vista/Windows7 which support AES 256 machine, you can use IE to browse that IIS 6.0 web site through HTTPS. The SSL uses 256 bit encryption.

 

Regards,

 

Xin Jin

 

Leave a Comment
  • Please add 6 and 1 and type the answer here:
  • Post
  • Thanks this article was very helpful to me. There a number of comments on various sites that claim 256 bit encryption is not supported on windows 2003 (although this was the case initially). This page provides the most up to date information.

  • Hi Xin Jin,

    Thanks your article. It is very helpful to me. I also want to ask you about how to disable cipher

    TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA

    TLS_RSA_EXPORT1024_WITH_RC4_56_SHA

    TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5

    TLS_RSA_EXPORT_WITH_RC4_40_MD5

    TLS_RSA_WITH_DES_CBC_SHA

    TLS_RSA_WITH_RC4_128_MD5

    TLS_RSA_WITH_RC4_128_SHA

    Thanks,

    Don

  • Don you may check this article:

    245030 How to Restrict the Use of Certain Cryptographic Algorithms and Protocols in Schannel.dll

    support.microsoft.com/default.aspx

  • After installing KB980436 it is not possible to install this hotfix. :(

Page 1 of 1 (4 items)