[German]Nartac Softwarehas released version 3.3 of its small tool IIS Crypto on October 31, 2022. New additions include support for TLS 1.3 on Windows Server, but also support for new cipher suites.
I had not mentioned the tool here on the blog only indirectly in the form of a user comment in this German blog post. I just saw Thorsten E. on Twitter that IIS Crypto 3.3 has been finally released.
This update supports TLS 1.3 for Windows Server 2022, and includes new cipher suites, updated templates including PCI 4.0, and some changes and some minor fixes. The new version can be downloaded here. IIS Crypto requires at least Windows Server 2008 and the .Net 4.0 framework or higher. Both GUI and command line versions are available.
What is IIS Crypto ?
IIS Crypto is a free tool from Nartac Software that allows administrators to enable protocols, ciphers, hashes and key exchange algorithms on Windows Server 2008, 2012, 2016, 2019 and 2022. The tool updates the registry with the same settings as described in this article from Microsoft.
However, this can be done conveniently via a GUI as shown above. Moreover, the tool allows you to rearrange the SSL/TLS cipher suites offered by IIS, change advanced settings, implement best practices with a single click, create custom templates and thus test websites.
IIS Crypto updates the encryption software order in the same way as the Group Policy Editor (gpedit.msc). In addition, IIS Crypto allows administrators to create custom templates that can be saved for use on multiple servers. There are GUI and command line versions, both of which use the same built-in templates as well as the custom templates.
IIIS Crypto has been tested on Windows Server 2008, 2008 R2 and 2012, 2012 R2, 2016, 2019 and 2022. However, its use requires administrator permissions. A detailed description of the features of this tool can be found on this website. Searching for "IIS Crypto" on the Internet, one can find several articles that deal with hardening Windows servers (IIS) with the help of this tool.
Cookies helps to fund this blog: Cookie settings