IIS Crypto updates the registry using the same settings from this article by Microsoft.It also updates the cipher suite order in the same way that the Group Policy Editor (gpedit.msc) does.The server you’re connecting to replies to your browser with a list of encryption options to choose from in order of most preferred to least.Your browser goes down the list until it finds an encryption option it likes and we’re off and running. (No one says that.) The fatal flaw in this is that not all of the encryption options are created equally.Just follow this step by step guide to protect your users and your server. It has a user friendly graphical interface that makes configuration a breeze. IIS really has a lot going for it, but really falls flat when it comes to security defaults. Your browser initiates a secure connection to a site.You’ll also learn how to test services you use to see how safe they really are. This is most easily identified by a URL starting with “HTTPS://”.If your site is offering up some ECDH options but also some DES options, your server will connect on either.
If your template is in the same folder as IIS Crypto it will show up automatically in the drop down box without having to click the Open button first.
Click on the Templates button and give your template a name, author and description if desired.
Then click on the Save button to save your template to disk.
If your site is running on Microsoft Internet Information Services (IIS), you might be in for a surprise.
Providing a better cipher suite is free and pretty easy to setup.