Forcing 128-bit encryption without requiring SSL

Status
Not open for further replies.
Sep 20, 1999
US
Do you know if there's any way, via the registry or otherwise, to force an IIS server to use 128-bit encryption for all SSL connections without checking the "Require Secure Channel" checkbox in the GUI?

I have a complex site that is currently using SSL nearly everywhere except for the index page, and I have to be able to pass an audit that hits the index page with SSL and looks at the encryption type. If I use "Require Secure Channel," my users won't be able to connect to my splash page with straight HTTP: I'd like them to either connect via HTTP or, if they hit it with SSL, to only be able to use 128-bit encryption.

That index page has a "logon" button that moves them into the SSL section of the site, but unfortunately the audit is only querying the index page.

Thanks!

ShackDaddy
 
What about on your index page using a meta-refresh with a value of "0" to automatically redirect them to the SSL side? PayPal does this and it's pretty smooth.

What type of audit are you using? Is it possible to submit an identical index page on the SSL side to the auditor, while leaving the non-SSL page intact for your visitors who may stumble upon it by accident?

Jim Schuuz
{ F1 = my.friend
}
 
The audit is going to be a security scan that will just log the results of an attempt to connect to my default page with SSL that's encrypted at less than 128-bit. I will see about the meta-refresh approach, but I'm not sure about the exact nature of the test from the 3rd party audit side. Maybe that would work.

I can't "supply" the page that I want the auditor to hit, and if I make any changes to which page is the default, then I've got trouble with the thousands of people that have bookmarked the default page by name...

I'm really looking for something that would force the server to accept only 128-bit encryption WHEN SSL is used. The problem with the GUI is that you only get to force 128-bit if you've already forced SSL. I basically want to disable support for anything less than 128-bit while still allowing HTTP.

Thanks,

ShackDaddy
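
Added example, not part of the thread and not posted by any participant: one way to get the behaviour asked for above is to disable the sub-128-bit ciphers in Schannel, the Windows SSL/TLS provider that IIS uses, instead of using the per-site checkbox. It assumes a Windows host with PowerShell 3 or later and administrator rights; the cipher subkey names are the ones Microsoft documents for Schannel.

```powershell
# Added example: disable Schannel ciphers weaker than 128 bits, server-wide.
# These settings are independent of the IIS "Require Secure Channel" option,
# so plain HTTP keeps working; only SSL/TLS negotiation is restricted.
$ciphersPath = 'SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers'

# Subkey names as documented by Microsoft; "40/128" means a 40-bit effective key.
$weakCiphers = @(
    'NULL',
    'DES 56/56',
    'RC2 40/128',
    'RC2 56/128',
    'RC4 40/128',
    'RC4 56/128',
    'RC4 64/128'
)

# The .NET registry API is used because the PowerShell registry provider
# treats the "/" in these key names as a path separator.
$ciphers = [Microsoft.Win32.Registry]::LocalMachine.CreateSubKey($ciphersPath)
try {
    foreach ($name in $weakCiphers) {
        $key = $ciphers.CreateSubKey($name)   # opens the key, creating it if absent
        try {
            $key.SetValue('Enabled', 0, [Microsoft.Win32.RegistryValueKind]::DWord)
        }
        finally {
            $key.Close()
        }
    }

    # Report the resulting state of every cipher key so the change can be reviewed.
    foreach ($name in $ciphers.GetSubKeyNames()) {
        $key = $ciphers.OpenSubKey($name)
        [pscustomobject]@{
            Cipher  = $name
            Enabled = $key.GetValue('Enabled', '(not set)')
        }
        $key.Close()
    }
}
finally {
    $ciphers.Close()
}
```

Schannel reads these values at startup, so the server has to be restarted before a scan will see the change. The setting applies to every SSL site on the machine, not only the index page.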
 