3 steps:
1. Install the fix http://support.microsoft.com/kb/948963 which will install the cipher sutes AES 128 and AES 256.
2. The order of cipher suites on Windows 2003 is hard-coded. AES 128 is the highest priority. AES 256 is the next. We only need to disable AES 128 then AES 256 will have the highest priority.
a. Open regedit.exe on IIS 6.0 machine.
b. Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers. You should be able to find there are many subkeys, e.g. AES 128/128.
c. In subkey AES 128/128, create a DWORD value “Enabled”. Set it as the value 0. It means we would disable AES 128.
3. Reboot the IIS 6.0 machine.
On Vista/Windows7 which support AES 256 machine, you can use IE to browse that IIS 6.0 web site through HTTPS. The SSL uses 256 bit encryption.
Regards,
Xin Jin
No comments:
Post a Comment