To set Ciphers on Windows for IIS requires a bit of powershell scripting and there is a guide available here
However to update the SSL ciphers that we are using on a Virtual Service (VS) in the load balancer is much easier. Once you have assigned an SSL cert do the following to update the ciphers
- Click Virtual Services
- Click View/Modify Services
- Select the VS to update
- You will note that SSL acceleration is Enabled and there is a Cihpers list which by default just contains the default ciphers.
- On the left column are the available ciphers - ticking the various options in the "Selection filters" check boxes on the right filters this list
- Tick "Perfect Forward Secrecy", "No RC4"" and "TLS 1.x Ciphers Only"
- Highlight all of the available ciphers in the now filtered list
- Click on the > button to move the selected ciphers over to the "Assigned Ciphers" list and be sure to click the "Set Ciphers" button to confirm the new ciphers
![]() |
Options required to filter the list |
Test the SSL configuration at here: https://www.ssllabs.com/ssltest/ but make sure to tick the box to not sure the results of your test on the results board! You should get an A rating on your SSL configuration.
No comments:
Post a Comment