To set Ciphers on Windows for IIS requires a bit of powershell scripting and there is a guide available here
However to update the SSL ciphers that we are using on a Virtual Service (VS) in the load balancer is much easier. Once you have assigned an SSL cert do the following to update the ciphers
- Click Virtual Services
- Click View/Modify Services
- Select the VS to update
- You will note that SSL acceleration is Enabled and there is a Cihpers list which by default just contains the default ciphers.
- On the left column are the available ciphers - ticking the various options in the "Selection filters" check boxes on the right filters this list
- Tick "Perfect Forward Secrecy", "No RC4"" and "TLS 1.x Ciphers Only"
- Highlight all of the available ciphers in the now filtered list
- Click on the > button to move the selected ciphers over to the "Assigned Ciphers" list and be sure to click the "Set Ciphers" button to confirm the new ciphers
Options required to filter the list |
Test the SSL configuration at here: https://www.ssllabs.com/ssltest/ but make sure to tick the box to not sure the results of your test on the results board! You should get an A rating on your SSL configuration.
No comments:
Post a Comment