Excuse me, I as long as the registration list, the following Protocals catalog, enable TLS1.2, and disable all low version of the SSL/TLS protocol, can guarantee the safety of IIS HTTPS site visit?
HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SecurityProviders \ SCHANNEL \ separate Protocols
Don't worry if I was on the following a few several registry configuration items?
HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SecurityProviders \ SCHANNEL \ Ciphers
HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SecurityProviders \ SCHANNEL \ Hashes
HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SecurityProviders \ SCHANNEL \ KeyExchangeAlgorithms
Registry key HKLM \ SOFTWARE \ Policies \ Microsoft \ Cryptography \ Configuration \ SSL \ 00010002
Registry key HKLM \ SYSTEM \ CurrentControlSet \ Control, Cryptography, the Configuration, the Local \ SSL \ 00010002
My understanding is that as long as enabled TLS1.2 and disable all low version of the SSL/TLS protocol, will automatically stop the client is to use weak cipher suites trying to establish a unsafe and IIS server SSL connection,
Excuse me, great god, I understand it right?
If not, please explain the relationship of several registry configuration items, as well as to establish the SSL/TLS connection, the influence of the
Thank you very much!
CodePudding user response:
In addition, could you please tell me, the server end only allow TLS1.2 please condition, whether the client can still use weak cipher suites try to establish the unsafe and the IIS server SSL/TLS connections?