At a glance this script looks more trustworthy and I'm going to try it (after backing up the reg keys). Notice that it uses key SSL\00010002 (not SSL00010002) and it puts the $cipherSuiteOrder value into that key, while the other script appears to process his key incorrectly.
*Greg K*

On 6 November 2015 at 00:57, Greg Wood <[email protected]> wrote:

> Great site to check SSL certs. Thanks!
>
> I ran this powershell on a win 2012 r2 machine and went from C to A with a
> reboot
>
> https://www.hass.de/content/setup-your-iis-ssl-perfect-forward-secrecy-and-tls-12
>
> On Thu, Nov 5, 2015 at 3:54 PM, Tom Rutter <[email protected]> wrote:
>
>> Further to my original email it turns out my mate's site has been
>> compromised twice in the last few months. They didn't take the ssllabs test
>> seriously either from what I've heard and the score remains. I guess I will
>> be testing every site I shop from now on.
>>
>> Cheers
>>
>> On Mon, Nov 2, 2015 at 2:24 PM, Tom Rutter <[email protected]> wrote:
>>
>>> Folks
>>>
>>> I noticed a mate's shopping site over the weekend returning the
>>> following in the connection info for the certificate:
>>>
>>> *Your connection to www.somesite.com <http://www.somesite.com> is
>>> encrypted using an obsolete cipher suite.*
>>>
>>> Did some googling, didn't understand much of it but landed on
>>> ssllabs.com which runs a test on the site. It gave the site an F rating
>>> with the following info
>>>
>>> - This server supports anonymous (insecure) suites (see below for
>>> details). Grade set to F.
>>> - This server supports weak Diffie-Hellman (DH) key exchange parameters.
>>> Grade capped to B.
>>> - This server accepts the RC4 cipher, which is weak. Grade capped to B.
>>> - This server supports TLS_FALLBACK_SCSV to prevent protocol downgrade
>>> attacks.
>>>
>>> Should my mate be concerned? The people who created and run his site I
>>> assume don't know or do know and aren't concerned. Anybody here used
>>> ssllabs before or an alternative and how much should you care about the
>>> rating? Even the microsoft store only gets a B with various warnings about
>>> inconsistent server configurations.
>>>
>>> Cheers
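
An added example (not part of the thread and not the linked script) for checking what such a script actually wrote: it looks for the misspelled `SSL00010002` key mentioned above, reads the cipher suite order, and flags entries matching the SSL Labs findings quoted in the thread. The full registry path, the `Functions` value name and the helper name `Test-CipherSuiteOrder` are assumptions not stated in the thread; the fallback suite list is constructed.

```powershell
# Added example, not from the thread or the linked script.
# Assumption: the cipher suite order policy is the 'Functions' value under $keyPath.
$keyPath  = 'HKLM:\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002'
$strayKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL00010002'

function Test-CipherSuiteOrder {   # hypothetical helper name
    param([string[]]$Functions)
    # Policy stores one comma-separated string; a multi-string is accepted too.
    $suites = @($Functions -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ })
    for ($i = 0; $i -lt $suites.Count; $i++) {
        $suite  = $suites[$i]
        $issues = @()
        if ($suite -match '_anon_')    { $issues += 'anonymous suite (no server authentication)' }
        if ($suite -match '_RC4_')     { $issues += 'RC4' }
        if ($suite -match '^TLS_DHE_') { $issues += 'DHE: check DH parameter size separately' }
        if ($suite -match '^TLS_RSA_') { $issues += 'static RSA key exchange (no forward secrecy)' }
        [pscustomobject]@{
            Position = $i + 1
            Suite    = $suite
            Issues   = ($issues -join '; ')
        }
    }
}

# A key with the backslash missing is a different key from SSL\00010002.
if (Test-Path $strayKey) {
    Write-Warning "Found $strayKey; this is not the SSL\00010002 key and should be reviewed."
}

$configured = (Get-ItemProperty -Path $keyPath -Name Functions -ErrorAction SilentlyContinue).Functions
if (-not $configured) {
    Write-Warning 'No policy cipher suite order found; auditing a constructed sample list.'
    # Constructed sample, not taken from any real server.
    $configured = 'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256,' +
                  'TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,' +
                  'TLS_RSA_WITH_RC4_128_SHA'
}

Test-CipherSuiteOrder -Functions $configured | Format-Table -AutoSize -Wrap
```

Run it before and after applying a hardening script (and after the reboot) so the two tables can be compared alongside the backed-up registry keys.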
