Hi All,
I have tested some websites with www.ssllab.com that are running on my Windows 2008 R2 servers IIS.
There are all failing and in my opinion they are failing big.
Therefore I started investigating what to do and why the settings is not changed by default.
I found this blog post:
Setup-your-iis-ssl-perfect-forward-secrecy-and-tls-1.2
And it seems to cover alot off what are failing in SSLLab.com.
Fordermore I found this post:
TLS1.1 and TLS1.2.
Why is this settings not set by MS and with MS updates?
Should every Windows server with IIS running not change this settings?
As I see, this tool from Nartac does the same thing as the Powershell script and the manuel setting.