I think there is an error in the script. I was doing a backup of the affected keys before applying the script to my web server. The script has this line:
"HKLM:\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL0010002"

I have no corresponding key in my server, but very suspiciously I have this one:

"HKLM:\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\0010002"

So I'm wondering if that's a typo in the original script.

*Greg K*

On 5 November 2015 at 11:32, Greg Low (罗格雷格博士) <[email protected]> wrote:

> Same here. Ran it when it was mentioned. Got an A. Sitting in Azure Websites with a Digicert certificate. Done nothing clever.
>
> That’s how it should be.
>
> Regards,
>
> Greg
>
> Dr Greg Low
>
> 1300SQLSQL (1300 775 775) office | +61 419201410 mobile│ +61 3 8676 4913 fax
>
> SQL Down Under | Web: www.sqldownunder.com
>
> *From:* [email protected] [mailto: [email protected]] *On Behalf Of* Stephen Price
> *Sent:* Wednesday, 4 November 2015 7:15 PM
> *To:* ozDotNet <[email protected]>
> *Subject:* Re: [OT] SSL testing
>
> I guess there are some advantages to running on Azure websites. I ran that ssllabs.com test against a client website that I wrote a year or so ago and got an A. No actions taken on my part (apart from setting up the Azure website to use the certificate).
>
> Nice to test it and know though. Thanks for the url.
>
> On Wed, 4 Nov 2015 at 13:20 Grant Maw <[email protected]> wrote:
>
> For those interested, I've run that script on my Windows 2008 R2 box, it worked without a hitch and took me from an F to a C. I then manually added TLS 1.2, rebooted and now I am at a B. A few more bits to do and we'll get an A.
>
> On 4 November 2015 at 12:45, Paul Glavich <[email protected]> wrote:
>
> I have run that script on our staging and production servers. Works well.
>
> Take a registry backup prior. Run it. If issues, then restore.
>
> - Glav
>
> *From:* [email protected] [mailto: [email protected]] *On Behalf Of* Greg Keogh
> *Sent:* Tuesday, 3 November 2015 12:00 PM
> *To:* ozDotNet <[email protected]>
> *Subject:* Re: [OT] SSL testing
>
> *"An F grade is unacceptably bad, definitely something he needs to get sorted. Hold the web developer / company accountable for that."*
>
> I could barely sleep last night knowing that I'd flunked with an F. The trouble is, I don't know who to blame (I am the *developer* and the *company*!!). My web server is a pretty vanilla Win2008R2 install and I got the cert from Comodo 6 months ago. I sort of expected that regular Windows Updates would be fixing this sort of thing, or perhaps I'd get some sort of security alert somehow. Why are out-of-the-box servers falling behind best security practices?
>
> I want my server to get an A, but the script I mentioned before worries me and I'd prefer some specific and trustworthy instructions from somewhere like TechNet, a KB or MSDN to tell me exactly what to do.
>
> *Greg K*
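The pre-flight check discussed in this thread, written out as an added example that is not part of any message above or of the script being discussed: it tests both registry paths exactly as quoted, lists what actually exists under the parent key, and exports that parent to a .reg file before anything is changed. The backup folder `C:\RegBackup` and the variable names are assumptions.

```powershell
# Added example, not from the thread or the script it discusses.
# Paths are copied verbatim from the message: the first is the line in the
# script, the second is the key found on the server.
$scriptPath = 'HKLM:\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL0010002'
$serverPath = 'HKLM:\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\0010002'
$parentPs   = 'HKLM:\SOFTWARE\Policies\Microsoft\Cryptography\Configuration'
$parentReg  = 'HKLM\SOFTWARE\Policies\Microsoft\Cryptography\Configuration'
$backupDir  = 'C:\RegBackup'   # assumed backup location

# 1. Report which of the two candidate paths exists on this machine.
foreach ($path in $scriptPath, $serverPath) {
    [pscustomobject]@{
        Path   = $path
        Exists = Test-Path -LiteralPath $path
    }
}

# 2. Show the real layout under the parent key so a path mismatch in the
#    script is visible before the script writes anything.
if (-not (Test-Path -LiteralPath $parentPs)) {
    Write-Warning "Parent key not present: $parentPs (nothing to back up)"
    return
}
Get-ChildItem -LiteralPath $parentPs -Recurse |
    Select-Object -ExpandProperty Name

# 3. Export the parent key so it can be restored with 'reg import' if the
#    script causes problems.
New-Item -ItemType Directory -Path $backupDir -Force | Out-Null
$stamp      = Get-Date -Format 'yyyyMMdd-HHmmss'
$backupFile = Join-Path $backupDir "CryptographyConfiguration-$stamp.reg"

& reg.exe export $parentReg $backupFile /y
if ($LASTEXITCODE -ne 0) {
    throw "reg export failed with exit code $LASTEXITCODE"
}
Write-Output "Backup written to $backupFile"
```

To roll back, run `reg import` against the exported file and reboot so the SSL configuration is re-read.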
