API tools faq
paste
Advertisement
jmeg8r

BP2K16 Profile

jmeg8r
Aug 9th, 2018
595
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 6.54 KB | None | 0 0
raw download clone embed print report
  1. <?xml version="1.0" encoding="utf-16"?>
  2. <iisCryptoTemplate xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" version="0">
  3. <header>
  4. <name>Best Practices</name>
  5. <author>Nartac Software</author>
  6. <lastUpdated>2018-06-26T18:30:26.0942282Z</lastUpdated>
  7. <description>This template sets your server to use the best practices for TLS. It aims to be compatible with as many browsers as possible while disabling weak protocols and cipher suites.</description>
  8. <builtIn>false</builtIn>
  9. </header>
  10. <schannel setClientProtocols="true">
  11. <clientProtocols>
  12. <schannelItem name="Multi-Protocol Unified Hello" state="Disabled" />
  13. <schannelItem name="PCT 1.0" state="Disabled" />
  14. <schannelItem name="SSL 2.0" state="Disabled" />
  15. <schannelItem name="SSL 3.0" state="Disabled" />
  16. <schannelItem name="TLS 1.0" state="Enabled" />
  17. <schannelItem name="TLS 1.1" state="Enabled" minimumOSVersion="Windows2008R2" />
  18. <schannelItem name="TLS 1.2" state="Enabled" minimumOSVersion="Windows2008R2" />
  19. </clientProtocols>
  20. <serverProtocols>
  21. <schannelItem name="Multi-Protocol Unified Hello" state="Disabled" />
  22. <schannelItem name="PCT 1.0" state="Disabled" />
  23. <schannelItem name="SSL 2.0" state="Disabled" />
  24. <schannelItem name="SSL 3.0" state="Disabled" />
  25. <schannelItem name="TLS 1.0" state="Enabled" />
  26. <schannelItem name="TLS 1.1" state="Enabled" minimumOSVersion="Windows2008R2" />
  27. <schannelItem name="TLS 1.2" state="Enabled" minimumOSVersion="Windows2008R2" />
  28. </serverProtocols>
  29. <ciphers>
  30. <schannelItem name="NULL" state="Disabled" />
  31. <schannelItem name="DES 56/56" state="Disabled" />
  32. <schannelItem name="RC2 40/128" state="Disabled" />
  33. <schannelItem name="RC2 56/128" state="Disabled" />
  34. <schannelItem name="RC2 128/128" state="Disabled" />
  35. <schannelItem name="RC4 40/128" state="Disabled" />
  36. <schannelItem name="RC4 56/128" state="Disabled" />
  37. <schannelItem name="RC4 64/128" state="Disabled" />
  38. <schannelItem name="RC4 128/128" state="Disabled" />
  39. <schannelItem name="Triple DES 168" state="Enabled" />
  40. <schannelItem name="AES 128/128" state="Enabled" />
  41. <schannelItem name="AES 256/256" state="Enabled" />
  42. </ciphers>
  43. <hashes>
  44. <schannelItem name="MD5" state="Disabled" />
  45. <schannelItem name="SHA" state="Enabled" />
  46. <schannelItem name="SHA 256" state="Enabled" minimumOSVersion="Windows2008R2" />
  47. <schannelItem name="SHA 384" state="Enabled" minimumOSVersion="Windows2008R2" />
  48. <schannelItem name="SHA 512" state="Enabled" minimumOSVersion="Windows2008R2" />
  49. </hashes>
  50. <keyExchanges>
  51. <schannelItem name="Diffie-Hellman" state="Enabled" />
  52. <schannelItem name="PKCS" state="Enabled" />
  53. <schannelItem name="ECDH" state="Enabled" />
  54. </keyExchanges>
  55. </schannel>
  56. <cipherSuites>
  57. <cipherSuiteItem name="TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384" state="Enabled" minimumOSVersion="Windows2016" />
  58. <cipherSuiteItem name="TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" state="Enabled" minimumOSVersion="Windows2016" />
  59. <cipherSuiteItem name="TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384" state="Enabled" minimumOSVersion="Windows2016" />
  60. <cipherSuiteItem name="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256" state="Enabled" minimumOSVersion="Windows2016" />
  61. <cipherSuiteItem name="TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA" state="Enabled" minimumOSVersion="Windows2016" />
  62. <cipherSuiteItem name="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA" state="Enabled" minimumOSVersion="Windows2016" />
  63. <cipherSuiteItem name="TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384" state="Enabled" minimumOSVersion="Windows2016" />
  64. <cipherSuiteItem name="TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256" state="Enabled" minimumOSVersion="Windows2016" />
  65. <cipherSuiteItem name="TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384" state="Enabled" minimumOSVersion="Windows2016" />
  66. <cipherSuiteItem name="TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256" state="Enabled" minimumOSVersion="Windows2016" />
  67. <cipherSuiteItem name="TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA" state="Enabled" minimumOSVersion="Windows2016" />
  68. <cipherSuiteItem name="TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA" state="Enabled" minimumOSVersion="Windows2016" />
  69. <cipherSuiteItem name="TLS_RSA_WITH_AES_256_GCM_SHA384" state="Enabled" />
  70. <cipherSuiteItem name="TLS_RSA_WITH_AES_128_GCM_SHA256" state="Enabled" />
  71. <cipherSuiteItem name="TLS_RSA_WITH_AES_256_CBC_SHA256" state="Enabled" />
  72. <cipherSuiteItem name="TLS_RSA_WITH_AES_128_CBC_SHA256" state="Enabled" />
  73. <cipherSuiteItem name="TLS_RSA_WITH_AES_256_CBC_SHA" state="Enabled" />
  74. <cipherSuiteItem name="TLS_RSA_WITH_AES_128_CBC_SHA" state="Enabled" />
  75. <cipherSuiteItem name="TLS_RSA_WITH_3DES_EDE_CBC_SHA" state="Enabled" />
  76. <cipherSuiteItem name="TLS_DHE_RSA_WITH_AES_256_GCM_SHA384" state="Disabled" />
  77. <cipherSuiteItem name="TLS_DHE_RSA_WITH_AES_128_GCM_SHA256" state="Disabled" />
  78. <cipherSuiteItem name="TLS_DHE_DSS_WITH_AES_256_CBC_SHA256" state="Disabled" />
  79. <cipherSuiteItem name="TLS_DHE_DSS_WITH_AES_128_CBC_SHA256" state="Disabled" />
  80. <cipherSuiteItem name="TLS_DHE_DSS_WITH_AES_256_CBC_SHA" state="Disabled" />
  81. <cipherSuiteItem name="TLS_DHE_DSS_WITH_AES_128_CBC_SHA" state="Disabled" />
  82. <cipherSuiteItem name="TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA" state="Disabled" />
  83. <cipherSuiteItem name="TLS_RSA_WITH_RC4_128_SHA" state="Disabled" />
  84. <cipherSuiteItem name="TLS_RSA_WITH_RC4_128_MD5" state="Disabled" />
  85. <cipherSuiteItem name="TLS_RSA_WITH_NULL_SHA256" state="Disabled" />
  86. <cipherSuiteItem name="TLS_RSA_WITH_NULL_SHA" state="Disabled" />
  87. <cipherSuiteItem name="SSL_CK_RC4_128_WITH_MD5" state="Disabled" />
  88. <cipherSuiteItem name="SSL_CK_DES_192_EDE3_CBC_WITH_MD5" state="Disabled" />
  89. <cipherSuiteItem name="TLS_DHE_RSA_WITH_AES_256_CBC_SHA" state="Disabled" />
  90. <cipherSuiteItem name="TLS_DHE_RSA_WITH_AES_128_CBC_SHA" state="Disabled" />
  91. <cipherSuiteItem name="TLS_PSK_WITH_AES_256_GCM_SHA384" state="Disabled" />
  92. <cipherSuiteItem name="TLS_PSK_WITH_AES_128_GCM_SHA256" state="Disabled" />
  93. <cipherSuiteItem name="TLS_PSK_WITH_AES_256_CBC_SHA384" state="Disabled" />
  94. <cipherSuiteItem name="TLS_PSK_WITH_AES_128_CBC_SHA256" state="Disabled" />
  95. <cipherSuiteItem name="TLS_PSK_WITH_NULL_SHA384" state="Disabled" />
  96. <cipherSuiteItem name="TLS_PSK_WITH_NULL_SHA256" state="Disabled" />
  97. </cipherSuites>
  98. </iisCryptoTemplate>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!