jmeg8r

BP2K16 Profile

Aug 9th, 2018
  1. <?xml version="1.0" encoding="utf-16"?>
  2. <iisCryptoTemplate xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" version="0">
     <!-- Template for Nartac's IIS Crypto tool (root element iisCryptoTemplate).
          It lists a state (Enabled/Disabled) for each Schannel protocol, cipher,
          hash and key exchange, followed by a list of TLS cipher suites.
          NOTE(review): the declaration above says utf-16; the file has to be
          saved in that encoding for a conforming XML parser to accept it. -->
  3. <header>
  4. <name>Best Practices</name>
  5. <author>Nartac Software</author>
     <!-- NOTE(review): lastUpdated is mid-2018. The choices below reflect the
          compatibility trade-offs of that time; re-evaluate them before applying
          this template to a current server. -->
  6. <lastUpdated>2018-06-26T18:30:26.0942282Z</lastUpdated>
  7. <description>This template sets your server to use the best practices for TLS. It aims to be compatible with as many browsers as possible while disabling weak protocols and cipher suites.</description>
     <!-- builtIn is false, so this is presumably a user-saved copy rather than
          one of the templates shipped with the tool; verify it against the
          vendor's current template before trusting the name "Best Practices". -->
  8. <builtIn>false</builtIn>
  9. </header>
     <!-- setClientProtocols="true": presumably tells the tool to apply the
          clientProtocols list as well as serverProtocols; confirm with the
          tool's documentation. -->
  10. <schannel setClientProtocols="true">
      <!-- Client-role protocols. Multi-Protocol Unified Hello, PCT 1.0, SSL 2.0
           and SSL 3.0 are disabled. -->
  11. <clientProtocols>
  12. <schannelItem name="Multi-Protocol Unified Hello" state="Disabled" />
  13. <schannelItem name="PCT 1.0" state="Disabled" />
  14. <schannelItem name="SSL 2.0" state="Disabled" />
  15. <schannelItem name="SSL 3.0" state="Disabled" />
      <!-- NOTE(review): TLS 1.0 and TLS 1.1 are left Enabled. Both versions were
           formally deprecated by RFC 8996. Set them to Disabled unless a named
           legacy peer still requires them, and check which protocol versions
           peers actually negotiate before making the change. -->
  16. <schannelItem name="TLS 1.0" state="Enabled" />
      <!-- minimumOSVersion presumably limits an entry to hosts at or above the
           named Windows release; confirm how older hosts treat such entries. -->
  17. <schannelItem name="TLS 1.1" state="Enabled" minimumOSVersion="Windows2008R2" />
  18. <schannelItem name="TLS 1.2" state="Enabled" minimumOSVersion="Windows2008R2" />
  19. </clientProtocols>
      <!-- Server-role protocols: same states as the client list above, including
           TLS 1.0 and TLS 1.1 Enabled. The same review note applies here; the
           server side is the one exposed to arbitrary remote clients. -->
  20. <serverProtocols>
  21. <schannelItem name="Multi-Protocol Unified Hello" state="Disabled" />
  22. <schannelItem name="PCT 1.0" state="Disabled" />
  23. <schannelItem name="SSL 2.0" state="Disabled" />
  24. <schannelItem name="SSL 3.0" state="Disabled" />
  25. <schannelItem name="TLS 1.0" state="Enabled" />
  26. <schannelItem name="TLS 1.1" state="Enabled" minimumOSVersion="Windows2008R2" />
  27. <schannelItem name="TLS 1.2" state="Enabled" minimumOSVersion="Windows2008R2" />
  28. </serverProtocols>
      <!-- Bulk ciphers. NULL, DES, RC2 and RC4 are disabled; AES stays enabled. -->
  29. <ciphers>
  30. <schannelItem name="NULL" state="Disabled" />
  31. <schannelItem name="DES 56/56" state="Disabled" />
  32. <schannelItem name="RC2 40/128" state="Disabled" />
  33. <schannelItem name="RC2 56/128" state="Disabled" />
  34. <schannelItem name="RC2 128/128" state="Disabled" />
  35. <schannelItem name="RC4 40/128" state="Disabled" />
  36. <schannelItem name="RC4 56/128" state="Disabled" />
  37. <schannelItem name="RC4 64/128" state="Disabled" />
  38. <schannelItem name="RC4 128/128" state="Disabled" />
      <!-- NOTE(review): Triple DES is left Enabled, together with the suite
           TLS_RSA_WITH_3DES_EDE_CBC_SHA in cipherSuites below. 3DES has a
           64-bit block, which makes long-lived sessions subject to
           birthday-bound collisions (the Sweet32 class of attack). Disable
           both entries unless a legacy client that cannot do AES is in scope. -->
  39. <schannelItem name="Triple DES 168" state="Enabled" />
  40. <schannelItem name="AES 128/128" state="Enabled" />
  41. <schannelItem name="AES 256/256" state="Enabled" />
  42. </ciphers>
      <!-- Hash algorithms. MD5 is disabled. "SHA" is presumably SHA-1; it stays
           enabled and is what the *_CBC_SHA suites below use as their MAC, so
           disabling it would also remove those suites (verify before changing). -->
  43. <hashes>
  44. <schannelItem name="MD5" state="Disabled" />
  45. <schannelItem name="SHA" state="Enabled" />
  46. <schannelItem name="SHA 256" state="Enabled" minimumOSVersion="Windows2008R2" />
  47. <schannelItem name="SHA 384" state="Enabled" minimumOSVersion="Windows2008R2" />
  48. <schannelItem name="SHA 512" state="Enabled" minimumOSVersion="Windows2008R2" />
  49. </hashes>
      <!-- Key exchange algorithms; all three are enabled.
           NOTE(review): Diffie-Hellman is Enabled here while every TLS_DHE_*
           suite in cipherSuites is Disabled, so the setting looks unused by this
           template. PKCS presumably corresponds to RSA key transport (the
           TLS_RSA_* suites), which offers no forward secrecy. -->
  50. <keyExchanges>
  51. <schannelItem name="Diffie-Hellman" state="Enabled" />
  52. <schannelItem name="PKCS" state="Enabled" />
  53. <schannelItem name="ECDH" state="Enabled" />
  54. </keyExchanges>
  55. </schannel>
      <!-- Cipher suite list. Element order is presumably the preference order
           offered to peers; confirm before reordering.
           Enabled: ECDHE (RSA and ECDSA) with AES GCM/CBC, then static-RSA
           suites with AES GCM/CBC and one 3DES suite.
           Disabled: all DHE, RC4, NULL, SSL_CK and PSK suites. -->
  56. <cipherSuites>
      <!-- NOTE(review): every ECDHE entry carries minimumOSVersion="Windows2016".
           If entries are skipped on older hosts (to be confirmed), such a host
           would be left with only the static-RSA suites below and therefore
           without forward secrecy. -->
  57. <cipherSuiteItem name="TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384" state="Enabled" minimumOSVersion="Windows2016" />
  58. <cipherSuiteItem name="TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" state="Enabled" minimumOSVersion="Windows2016" />
  59. <cipherSuiteItem name="TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384" state="Enabled" minimumOSVersion="Windows2016" />
  60. <cipherSuiteItem name="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256" state="Enabled" minimumOSVersion="Windows2016" />
  61. <cipherSuiteItem name="TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA" state="Enabled" minimumOSVersion="Windows2016" />
  62. <cipherSuiteItem name="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA" state="Enabled" minimumOSVersion="Windows2016" />
  63. <cipherSuiteItem name="TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384" state="Enabled" minimumOSVersion="Windows2016" />
  64. <cipherSuiteItem name="TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256" state="Enabled" minimumOSVersion="Windows2016" />
  65. <cipherSuiteItem name="TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384" state="Enabled" minimumOSVersion="Windows2016" />
  66. <cipherSuiteItem name="TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256" state="Enabled" minimumOSVersion="Windows2016" />
  67. <cipherSuiteItem name="TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA" state="Enabled" minimumOSVersion="Windows2016" />
  68. <cipherSuiteItem name="TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA" state="Enabled" minimumOSVersion="Windows2016" />
      <!-- NOTE(review): the TLS_RSA_* suites use static RSA key exchange, so a
           later compromise of the server's private key exposes recorded
           sessions. Keep them only as a fallback for clients without ECDHE. -->
  69. <cipherSuiteItem name="TLS_RSA_WITH_AES_256_GCM_SHA384" state="Enabled" />
  70. <cipherSuiteItem name="TLS_RSA_WITH_AES_128_GCM_SHA256" state="Enabled" />
  71. <cipherSuiteItem name="TLS_RSA_WITH_AES_256_CBC_SHA256" state="Enabled" />
  72. <cipherSuiteItem name="TLS_RSA_WITH_AES_128_CBC_SHA256" state="Enabled" />
  73. <cipherSuiteItem name="TLS_RSA_WITH_AES_256_CBC_SHA" state="Enabled" />
  74. <cipherSuiteItem name="TLS_RSA_WITH_AES_128_CBC_SHA" state="Enabled" />
      <!-- NOTE(review): last enabled suite, and the weakest one: 3DES in CBC mode
           with static RSA. See the note on "Triple DES 168" in ciphers. -->
  75. <cipherSuiteItem name="TLS_RSA_WITH_3DES_EDE_CBC_SHA" state="Enabled" />
      <!-- Everything from here on is Disabled. -->
  76. <cipherSuiteItem name="TLS_DHE_RSA_WITH_AES_256_GCM_SHA384" state="Disabled" />
  77. <cipherSuiteItem name="TLS_DHE_RSA_WITH_AES_128_GCM_SHA256" state="Disabled" />
  78. <cipherSuiteItem name="TLS_DHE_DSS_WITH_AES_256_CBC_SHA256" state="Disabled" />
  79. <cipherSuiteItem name="TLS_DHE_DSS_WITH_AES_128_CBC_SHA256" state="Disabled" />
  80. <cipherSuiteItem name="TLS_DHE_DSS_WITH_AES_256_CBC_SHA" state="Disabled" />
  81. <cipherSuiteItem name="TLS_DHE_DSS_WITH_AES_128_CBC_SHA" state="Disabled" />
  82. <cipherSuiteItem name="TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA" state="Disabled" />
  83. <cipherSuiteItem name="TLS_RSA_WITH_RC4_128_SHA" state="Disabled" />
  84. <cipherSuiteItem name="TLS_RSA_WITH_RC4_128_MD5" state="Disabled" />
  85. <cipherSuiteItem name="TLS_RSA_WITH_NULL_SHA256" state="Disabled" />
  86. <cipherSuiteItem name="TLS_RSA_WITH_NULL_SHA" state="Disabled" />
  87. <cipherSuiteItem name="SSL_CK_RC4_128_WITH_MD5" state="Disabled" />
  88. <cipherSuiteItem name="SSL_CK_DES_192_EDE3_CBC_WITH_MD5" state="Disabled" />
  89. <cipherSuiteItem name="TLS_DHE_RSA_WITH_AES_256_CBC_SHA" state="Disabled" />
  90. <cipherSuiteItem name="TLS_DHE_RSA_WITH_AES_128_CBC_SHA" state="Disabled" />
  91. <cipherSuiteItem name="TLS_PSK_WITH_AES_256_GCM_SHA384" state="Disabled" />
  92. <cipherSuiteItem name="TLS_PSK_WITH_AES_128_GCM_SHA256" state="Disabled" />
  93. <cipherSuiteItem name="TLS_PSK_WITH_AES_256_CBC_SHA384" state="Disabled" />
  94. <cipherSuiteItem name="TLS_PSK_WITH_AES_128_CBC_SHA256" state="Disabled" />
  95. <cipherSuiteItem name="TLS_PSK_WITH_NULL_SHA384" state="Disabled" />
  96. <cipherSuiteItem name="TLS_PSK_WITH_NULL_SHA256" state="Disabled" />
  97. </cipherSuites>
  98. </iisCryptoTemplate>