78fcd8a8-18af-49f4-8a64-bccb901e5557
This script checks whether insecure protocols are still enabled: SSLV2.0 / SSLV3.0 / TLS 1.0 / TLS 1.1 / RC4.
Known insecure cipher protocols should be disabled but keep in mind that some applications other than web browsers may still rely on older ciphers such as TLS 1.0.
Guide to disable insecure cipher protocols: https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/operations/manage-ssl-protocols-in-ad-fs
More information and recommendations on insecure cipher protocols: https://www.acunetix.com/blog/articles/tls-ssl-cipher-hardening
STIG
IIS10: https://www.ignyteplatform.com/stigs/Microsoft_IIS_10.0_Server_Security_Technical_Implementation_Guide/finding/V-218821
Server:
2022: https://stigviewer.com/stigs/microsoft_windows_server_2022/2025-01-14/finding/V-254263
2019: https://stigviewer.com/stigs/microsoft_windows_server_2019/2025-01-15/finding/V-205829
PCI-DSS v4.0.1: 4.2.1
NIST 800-171 rev2: 3.13.8
NIST 800-171A: 3.13.8[a], 3.13.11
NIST 800-171 rev3: 03.13.08
NIST 800-171A rev3: A.03.13.08[01], A.03.13.11
NIST 800-53 rev4: SC-8, SC-8(1)
NIST 800-53 rev5: SC-8, SC-8(1)
A.03.13.11.ODP[01]"
We created a PowerShell Script to automatically disable all insecure ciphers. It can be found at our github repository here https://github.com/eventsentry/scripts/blob/main/disable_insecure_ciphers.ps1
Manage your cookie preferences below:
To learn more about our use of cookies, please see our
Privacy Policy.