Tuesday 21 November 2017

Weak defaults in IIS 8 cryptography (TLS/HTTPS/SSL)

So, this isn't exactly a breaking news headline. IIS isn't the most secure web server in the universe. However, it came as a shock to get a "C" grade on testing our school's management information system portal on Qualys' rather awesome SSL Labs tester.

Even if you're not governed by things like GDPR or POPI, it should be a point of ethical professional practice to ensure there isn't a hole large enough to drive a bus through in your security infrastructure.

Fortunately, there's a really easy way of fixing this.