Do you disable insecure protocols?
  v2.2 Posted at 21/11/2017 4:22 AM by Tiago Araujo
For better server security (especially on public-facing servers), certain security protocols and ciphers should be disabled.

A tool called "IIS Crypto 2.0" by Nartac makes it easy to disable these protocols without having to manually edit the registry keys.

  1. Download IIS Crypto 2.0 (https://www.nartac.com/Products/IISCrypto/Download)
  2. Run it on the server you wish to lock down
  3. Click the Best Practices button
    Figure: Good example – TLS should be enabled and SSL should be disabled
  4. Ensure that TLS 1.0 is also disabled and click Apply
  5. The server will need to be rebooted before the settings take effect
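
To confirm after the reboot that the settings took effect, the following PowerShell check reads the server-side SCHANNEL protocol values from the registry. It is an added example, not part of the original rule or of IIS Crypto; the function name is hypothetical, and treating TLS 1.2 as the protocol that must stay enabled is an assumption of this example.

```powershell
# Added example: audit the server-side SCHANNEL protocol settings after the reboot.
# Standard Windows location of the per-protocol SCHANNEL settings.
$base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'

# Expected state per the rule: SSL and TLS 1.0 disabled, TLS enabled.
# Using TLS 1.2 for "TLS enabled" is this example's assumption.
$expected = [ordered]@{
    'SSL 2.0' = 'Disabled'
    'SSL 3.0' = 'Disabled'
    'TLS 1.0' = 'Disabled'
    'TLS 1.2' = 'Enabled'
}

# Hypothetical helper: returns 'Disabled', 'Enabled' or 'NotSet' for one protocol.
function Get-SchannelServerState {
    param([string]$Protocol)
    $key   = Join-Path $base "$Protocol\Server"
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    # No key or no Enabled value: the OS default applies.
    if ($null -eq $props -or $null -eq $props.Enabled) { return 'NotSet' }
    # Enabled is a DWORD: 0 means disabled, any non-zero value means enabled.
    if ($props.Enabled -eq 0) { return 'Disabled' }
    return 'Enabled'
}

$results = foreach ($protocol in $expected.Keys) {
    $state = Get-SchannelServerState -Protocol $protocol
    $want  = $expected[$protocol]
    # The OS default differs between Windows versions, so a protocol that must be
    # off only passes when it is explicitly disabled. A protocol that must be on
    # fails only when it is explicitly disabled.
    $ok = if ($want -eq 'Disabled') { $state -eq 'Disabled' } else { $state -ne 'Disabled' }
    [pscustomobject]@{
        Protocol = $protocol
        Expected = $want
        Actual   = $state
        Pass     = $ok
    }
}

$results | Format-Table -AutoSize
if ($results.Pass -contains $false) {
    Write-Warning 'One or more protocols do not match the expected state.'
}
```

A protocol reported as NotSet was never configured explicitly; re-run IIS Crypto and apply the settings again if one of the protocols to be disabled shows that state.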
