SHARE
TWEET

BP2K16 Profile

jmeg8r Aug 9th, 2018 59 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. <?xml version="1.0" encoding="utf-16"?>
  2. <iisCryptoTemplate xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" version="0">
  3.   <header>
  4.     <name>Best Practices</name>
  5.     <author>Nartac Software</author>
  6.     <lastUpdated>2018-06-26T18:30:26.0942282Z</lastUpdated>
  7.     <description>This template sets your server to use the best practices for TLS. It aims to be compatible with as many browsers as possible while disabling weak protocols and cipher suites.</description>
  8.     <builtIn>false</builtIn>
  9.   </header>
  10.   <schannel setClientProtocols="true">
  11.     <clientProtocols>
  12.       <schannelItem name="Multi-Protocol Unified Hello" state="Disabled" />
  13.       <schannelItem name="PCT 1.0" state="Disabled" />
  14.       <schannelItem name="SSL 2.0" state="Disabled" />
  15.       <schannelItem name="SSL 3.0" state="Disabled" />
  16.       <schannelItem name="TLS 1.0" state="Enabled" />
  17.       <schannelItem name="TLS 1.1" state="Enabled" minimumOSVersion="Windows2008R2" />
  18.       <schannelItem name="TLS 1.2" state="Enabled" minimumOSVersion="Windows2008R2" />
  19.     </clientProtocols>
  20.     <serverProtocols>
  21.       <schannelItem name="Multi-Protocol Unified Hello" state="Disabled" />
  22.       <schannelItem name="PCT 1.0" state="Disabled" />
  23.       <schannelItem name="SSL 2.0" state="Disabled" />
  24.       <schannelItem name="SSL 3.0" state="Disabled" />
  25.       <schannelItem name="TLS 1.0" state="Enabled" />
  26.       <schannelItem name="TLS 1.1" state="Enabled" minimumOSVersion="Windows2008R2" />
  27.       <schannelItem name="TLS 1.2" state="Enabled" minimumOSVersion="Windows2008R2" />
  28.     </serverProtocols>
  29.     <ciphers>
  30.       <schannelItem name="NULL" state="Disabled" />
  31.       <schannelItem name="DES 56/56" state="Disabled" />
  32.       <schannelItem name="RC2 40/128" state="Disabled" />
  33.       <schannelItem name="RC2 56/128" state="Disabled" />
  34.       <schannelItem name="RC2 128/128" state="Disabled" />
  35.       <schannelItem name="RC4 40/128" state="Disabled" />
  36.       <schannelItem name="RC4 56/128" state="Disabled" />
  37.       <schannelItem name="RC4 64/128" state="Disabled" />
  38.       <schannelItem name="RC4 128/128" state="Disabled" />
  39.       <schannelItem name="Triple DES 168" state="Enabled" />
  40.       <schannelItem name="AES 128/128" state="Enabled" />
  41.       <schannelItem name="AES 256/256" state="Enabled" />
  42.     </ciphers>
  43.     <hashes>
  44.       <schannelItem name="MD5" state="Disabled" />
  45.       <schannelItem name="SHA" state="Enabled" />
  46.       <schannelItem name="SHA 256" state="Enabled" minimumOSVersion="Windows2008R2" />
  47.       <schannelItem name="SHA 384" state="Enabled" minimumOSVersion="Windows2008R2" />
  48.       <schannelItem name="SHA 512" state="Enabled" minimumOSVersion="Windows2008R2" />
  49.     </hashes>
  50.     <keyExchanges>
  51.       <schannelItem name="Diffie-Hellman" state="Enabled" />
  52.       <schannelItem name="PKCS" state="Enabled" />
  53.       <schannelItem name="ECDH" state="Enabled" />
  54.     </keyExchanges>
  55.   </schannel>
  56.   <cipherSuites>
  57.     <cipherSuiteItem name="TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384" state="Enabled" minimumOSVersion="Windows2016" />
  58.     <cipherSuiteItem name="TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" state="Enabled" minimumOSVersion="Windows2016" />
  59.     <cipherSuiteItem name="TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384" state="Enabled" minimumOSVersion="Windows2016" />
  60.     <cipherSuiteItem name="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256" state="Enabled" minimumOSVersion="Windows2016" />
  61.     <cipherSuiteItem name="TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA" state="Enabled" minimumOSVersion="Windows2016" />
  62.     <cipherSuiteItem name="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA" state="Enabled" minimumOSVersion="Windows2016" />
  63.     <cipherSuiteItem name="TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384" state="Enabled" minimumOSVersion="Windows2016" />
  64.     <cipherSuiteItem name="TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256" state="Enabled" minimumOSVersion="Windows2016" />
  65.     <cipherSuiteItem name="TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384" state="Enabled" minimumOSVersion="Windows2016" />
  66.     <cipherSuiteItem name="TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256" state="Enabled" minimumOSVersion="Windows2016" />
  67.     <cipherSuiteItem name="TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA" state="Enabled" minimumOSVersion="Windows2016" />
  68.     <cipherSuiteItem name="TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA" state="Enabled" minimumOSVersion="Windows2016" />
  69.     <cipherSuiteItem name="TLS_RSA_WITH_AES_256_GCM_SHA384" state="Enabled" />
  70.     <cipherSuiteItem name="TLS_RSA_WITH_AES_128_GCM_SHA256" state="Enabled" />
  71.     <cipherSuiteItem name="TLS_RSA_WITH_AES_256_CBC_SHA256" state="Enabled" />
  72.     <cipherSuiteItem name="TLS_RSA_WITH_AES_128_CBC_SHA256" state="Enabled" />
  73.     <cipherSuiteItem name="TLS_RSA_WITH_AES_256_CBC_SHA" state="Enabled" />
  74.     <cipherSuiteItem name="TLS_RSA_WITH_AES_128_CBC_SHA" state="Enabled" />
  75.     <cipherSuiteItem name="TLS_RSA_WITH_3DES_EDE_CBC_SHA" state="Enabled" />
  76.     <cipherSuiteItem name="TLS_DHE_RSA_WITH_AES_256_GCM_SHA384" state="Disabled" />
  77.     <cipherSuiteItem name="TLS_DHE_RSA_WITH_AES_128_GCM_SHA256" state="Disabled" />
  78.     <cipherSuiteItem name="TLS_DHE_DSS_WITH_AES_256_CBC_SHA256" state="Disabled" />
  79.     <cipherSuiteItem name="TLS_DHE_DSS_WITH_AES_128_CBC_SHA256" state="Disabled" />
  80.     <cipherSuiteItem name="TLS_DHE_DSS_WITH_AES_256_CBC_SHA" state="Disabled" />
  81.     <cipherSuiteItem name="TLS_DHE_DSS_WITH_AES_128_CBC_SHA" state="Disabled" />
  82.     <cipherSuiteItem name="TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA" state="Disabled" />
  83.     <cipherSuiteItem name="TLS_RSA_WITH_RC4_128_SHA" state="Disabled" />
  84.     <cipherSuiteItem name="TLS_RSA_WITH_RC4_128_MD5" state="Disabled" />
  85.     <cipherSuiteItem name="TLS_RSA_WITH_NULL_SHA256" state="Disabled" />
  86.     <cipherSuiteItem name="TLS_RSA_WITH_NULL_SHA" state="Disabled" />
  87.     <cipherSuiteItem name="SSL_CK_RC4_128_WITH_MD5" state="Disabled" />
  88.     <cipherSuiteItem name="SSL_CK_DES_192_EDE3_CBC_WITH_MD5" state="Disabled" />
  89.     <cipherSuiteItem name="TLS_DHE_RSA_WITH_AES_256_CBC_SHA" state="Disabled" />
  90.     <cipherSuiteItem name="TLS_DHE_RSA_WITH_AES_128_CBC_SHA" state="Disabled" />
  91.     <cipherSuiteItem name="TLS_PSK_WITH_AES_256_GCM_SHA384" state="Disabled" />
  92.     <cipherSuiteItem name="TLS_PSK_WITH_AES_128_GCM_SHA256" state="Disabled" />
  93.     <cipherSuiteItem name="TLS_PSK_WITH_AES_256_CBC_SHA384" state="Disabled" />
  94.     <cipherSuiteItem name="TLS_PSK_WITH_AES_128_CBC_SHA256" state="Disabled" />
  95.     <cipherSuiteItem name="TLS_PSK_WITH_NULL_SHA384" state="Disabled" />
  96.     <cipherSuiteItem name="TLS_PSK_WITH_NULL_SHA256" state="Disabled" />
  97.   </cipherSuites>
  98. </iisCryptoTemplate>
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top