- <?xml version="1.0" encoding="utf-16"?>
- <iisCryptoTemplate xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" version="0">
<!-- IIS Crypto template: declares Schannel protocol, cipher, hash and key-exchange states, followed by a cipher suite list. -->
<!-- NOTE(review): the header dates this template 2018-06-26 and describes it as compatibility-oriented; compare it with current TLS guidance before applying it to a server. -->
<!-- NOTE(review): the declaration says utf-16; if this text is saved in another encoding, a parser may reject it. Confirm the file encoding matches. -->
- <header>
- <name>Best Practices</name>
- <author>Nartac Software</author>
- <lastUpdated>2018-06-26T18:30:26.0942282Z</lastUpdated>
- <description>This template sets your server to use the best practices for TLS. It aims to be compatible with as many browsers as possible while disabling weak protocols and cipher suites.</description>
- <builtIn>false</builtIn>
- </header>
<!-- Protocols: Multi-Protocol Unified Hello, PCT 1.0, SSL 2.0 and SSL 3.0 are Disabled in both the client and the server list. -->
<!-- NOTE(review): TLS 1.0 and TLS 1.1 are Enabled in both lists. Both were formally deprecated by RFC 8996; disable them wherever the client population allows. TLS 1.3 is not listed in this template. -->
<!-- setClientProtocols="true" presumably makes the tool apply the clientProtocols list as well as serverProtocols; confirm against the tool's documentation. -->
- <schannel setClientProtocols="true">
- <clientProtocols>
- <schannelItem name="Multi-Protocol Unified Hello" state="Disabled" />
- <schannelItem name="PCT 1.0" state="Disabled" />
- <schannelItem name="SSL 2.0" state="Disabled" />
- <schannelItem name="SSL 3.0" state="Disabled" />
- <schannelItem name="TLS 1.0" state="Enabled" />
- <schannelItem name="TLS 1.1" state="Enabled" minimumOSVersion="Windows2008R2" />
- <schannelItem name="TLS 1.2" state="Enabled" minimumOSVersion="Windows2008R2" />
- </clientProtocols>
- <serverProtocols>
- <schannelItem name="Multi-Protocol Unified Hello" state="Disabled" />
- <schannelItem name="PCT 1.0" state="Disabled" />
- <schannelItem name="SSL 2.0" state="Disabled" />
- <schannelItem name="SSL 3.0" state="Disabled" />
- <schannelItem name="TLS 1.0" state="Enabled" />
- <schannelItem name="TLS 1.1" state="Enabled" minimumOSVersion="Windows2008R2" />
- <schannelItem name="TLS 1.2" state="Enabled" minimumOSVersion="Windows2008R2" />
- </serverProtocols>
<!-- Ciphers: NULL, DES, RC2 and RC4 are Disabled; Triple DES and AES are Enabled. -->
<!-- NOTE(review): Triple DES uses a 64-bit block and is exposed to birthday-bound (Sweet32-class) attacks on long-lived sessions. Disable it unless a legacy client requires it; the matching suite TLS_RSA_WITH_3DES_EDE_CBC_SHA is Enabled further down. -->
- <ciphers>
- <schannelItem name="NULL" state="Disabled" />
- <schannelItem name="DES 56/56" state="Disabled" />
- <schannelItem name="RC2 40/128" state="Disabled" />
- <schannelItem name="RC2 56/128" state="Disabled" />
- <schannelItem name="RC2 128/128" state="Disabled" />
- <schannelItem name="RC4 40/128" state="Disabled" />
- <schannelItem name="RC4 56/128" state="Disabled" />
- <schannelItem name="RC4 64/128" state="Disabled" />
- <schannelItem name="RC4 128/128" state="Disabled" />
- <schannelItem name="Triple DES 168" state="Enabled" />
- <schannelItem name="AES 128/128" state="Enabled" />
- <schannelItem name="AES 256/256" state="Enabled" />
- </ciphers>
<!-- Hashes: MD5 is Disabled. "SHA" presumably denotes SHA-1; it stays Enabled, and the Enabled suites below whose names end in _SHA depend on it. -->
- <hashes>
- <schannelItem name="MD5" state="Disabled" />
- <schannelItem name="SHA" state="Enabled" />
- <schannelItem name="SHA 256" state="Enabled" minimumOSVersion="Windows2008R2" />
- <schannelItem name="SHA 384" state="Enabled" minimumOSVersion="Windows2008R2" />
- <schannelItem name="SHA 512" state="Enabled" minimumOSVersion="Windows2008R2" />
- </hashes>
<!-- Key exchanges: all three are Enabled. Diffie-Hellman is Enabled here even though every TLS_DHE_* suite in the list below is Disabled. -->
<!-- "PKCS" presumably covers RSA key exchange, which the Enabled TLS_RSA_* suites need; confirm before disabling it. -->
- <keyExchanges>
- <schannelItem name="Diffie-Hellman" state="Enabled" />
- <schannelItem name="PKCS" state="Enabled" />
- <schannelItem name="ECDH" state="Enabled" />
- </keyExchanges>
- </schannel>
<!-- Cipher suites: the listed order presumably sets negotiation priority; confirm against the tool before reordering. -->
<!-- Enabled: twelve ECDHE suites (GCM first, then CBC), each with minimumOSVersion="Windows2016", followed by seven TLS_RSA_* suites with no OS minimum. -->
<!-- NOTE(review): the TLS_RSA_* suites use static RSA key transport and give no forward secrecy. As written, a host below the Windows2016 minimum would presumably be left with only those suites from this list; verify on the target OS. -->
<!-- NOTE(review): the CBC-mode suites remain Enabled for compatibility; prefer the GCM suites where every client supports them. -->
<!-- Disabled: all TLS_DHE_*, RC4, NULL, PSK and SSL_CK_* suites. -->
- <cipherSuites>
- <cipherSuiteItem name="TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384" state="Enabled" minimumOSVersion="Windows2016" />
- <cipherSuiteItem name="TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" state="Enabled" minimumOSVersion="Windows2016" />
- <cipherSuiteItem name="TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384" state="Enabled" minimumOSVersion="Windows2016" />
- <cipherSuiteItem name="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256" state="Enabled" minimumOSVersion="Windows2016" />
- <cipherSuiteItem name="TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA" state="Enabled" minimumOSVersion="Windows2016" />
- <cipherSuiteItem name="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA" state="Enabled" minimumOSVersion="Windows2016" />
- <cipherSuiteItem name="TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384" state="Enabled" minimumOSVersion="Windows2016" />
- <cipherSuiteItem name="TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256" state="Enabled" minimumOSVersion="Windows2016" />
- <cipherSuiteItem name="TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384" state="Enabled" minimumOSVersion="Windows2016" />
- <cipherSuiteItem name="TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256" state="Enabled" minimumOSVersion="Windows2016" />
- <cipherSuiteItem name="TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA" state="Enabled" minimumOSVersion="Windows2016" />
- <cipherSuiteItem name="TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA" state="Enabled" minimumOSVersion="Windows2016" />
- <cipherSuiteItem name="TLS_RSA_WITH_AES_256_GCM_SHA384" state="Enabled" />
- <cipherSuiteItem name="TLS_RSA_WITH_AES_128_GCM_SHA256" state="Enabled" />
- <cipherSuiteItem name="TLS_RSA_WITH_AES_256_CBC_SHA256" state="Enabled" />
- <cipherSuiteItem name="TLS_RSA_WITH_AES_128_CBC_SHA256" state="Enabled" />
- <cipherSuiteItem name="TLS_RSA_WITH_AES_256_CBC_SHA" state="Enabled" />
- <cipherSuiteItem name="TLS_RSA_WITH_AES_128_CBC_SHA" state="Enabled" />
- <cipherSuiteItem name="TLS_RSA_WITH_3DES_EDE_CBC_SHA" state="Enabled" />
- <cipherSuiteItem name="TLS_DHE_RSA_WITH_AES_256_GCM_SHA384" state="Disabled" />
- <cipherSuiteItem name="TLS_DHE_RSA_WITH_AES_128_GCM_SHA256" state="Disabled" />
- <cipherSuiteItem name="TLS_DHE_DSS_WITH_AES_256_CBC_SHA256" state="Disabled" />
- <cipherSuiteItem name="TLS_DHE_DSS_WITH_AES_128_CBC_SHA256" state="Disabled" />
- <cipherSuiteItem name="TLS_DHE_DSS_WITH_AES_256_CBC_SHA" state="Disabled" />
- <cipherSuiteItem name="TLS_DHE_DSS_WITH_AES_128_CBC_SHA" state="Disabled" />
- <cipherSuiteItem name="TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA" state="Disabled" />
- <cipherSuiteItem name="TLS_RSA_WITH_RC4_128_SHA" state="Disabled" />
- <cipherSuiteItem name="TLS_RSA_WITH_RC4_128_MD5" state="Disabled" />
- <cipherSuiteItem name="TLS_RSA_WITH_NULL_SHA256" state="Disabled" />
- <cipherSuiteItem name="TLS_RSA_WITH_NULL_SHA" state="Disabled" />
- <cipherSuiteItem name="SSL_CK_RC4_128_WITH_MD5" state="Disabled" />
- <cipherSuiteItem name="SSL_CK_DES_192_EDE3_CBC_WITH_MD5" state="Disabled" />
- <cipherSuiteItem name="TLS_DHE_RSA_WITH_AES_256_CBC_SHA" state="Disabled" />
- <cipherSuiteItem name="TLS_DHE_RSA_WITH_AES_128_CBC_SHA" state="Disabled" />
- <cipherSuiteItem name="TLS_PSK_WITH_AES_256_GCM_SHA384" state="Disabled" />
- <cipherSuiteItem name="TLS_PSK_WITH_AES_128_GCM_SHA256" state="Disabled" />
- <cipherSuiteItem name="TLS_PSK_WITH_AES_256_CBC_SHA384" state="Disabled" />
- <cipherSuiteItem name="TLS_PSK_WITH_AES_128_CBC_SHA256" state="Disabled" />
- <cipherSuiteItem name="TLS_PSK_WITH_NULL_SHA384" state="Disabled" />
- <cipherSuiteItem name="TLS_PSK_WITH_NULL_SHA256" state="Disabled" />
- </cipherSuites>
- </iisCryptoTemplate>