Showing posts from March, 2015

Forward Secrecy and SSL Grading

In order to improve the security grading of your SSL implementation (and get an A grade from https://www.ssllabs.com/ssltest/), you can use IIS Crypto, which will help you disable the bad protocols, ciphers and hashes.

There is a nice PowerShell script available here: https://www.hass.de/content/setup-your-iis-ssl-perfect-forward-secrecy-and-tls-12

The final battle is to order the SSL cipher suites (again, IIS Crypto can help with this). https://en.wikipedia.org/wiki/Forward_secrecy

Based on IIS Crypto, I had to run the following:

New-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002' -name 'Functions' -value 'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P521,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P521,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P521,TLS_ECDHE
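
To check that the ordering actually puts forward-secret suites first, the following is an added example, not part of the original post or of IIS Crypto. It reads the same 'Functions' policy value set above and flags any forward-secret suite that is ranked below a non-forward-secret one. The function name `Test-ForwardSecrecyOrder` and the sample list are assumptions made for illustration.

```powershell
# Added example: audit a cipher suite order list for forward secrecy.
# Test-ForwardSecrecyOrder is a hypothetical helper, not a built-in cmdlet.
function Test-ForwardSecrecyOrder {
    param([Parameter(Mandatory)][string[]]$Functions)

    # The policy value may be one comma-separated string or a multi-string.
    $suites = @(($Functions -join ',') -split ',' |
        ForEach-Object { $_.Trim() } | Where-Object { $_ })

    $seenNonFs = $false
    $position = 0
    foreach ($suite in $suites) {
        # Ephemeral (EC)DHE key exchange provides forward secrecy. TLS 1.3
        # names (TLS_AES_*, TLS_CHACHA20_*) always use ephemeral key exchange.
        $fs = $suite -match '^TLS_(ECDHE|DHE|AES|CHACHA20)_'
        [pscustomobject]@{
            Position      = $position
            Suite         = $suite
            ForwardSecret = $fs
            # A forward-secret suite listed after a non-forward-secret one
            # means the weaker key exchange is preferred over it.
            Misordered    = ($fs -and $seenNonFs)
        }
        if (-not $fs) { $seenNonFs = $true }
        $position++
    }
}

# Constructed sample list: a static-RSA suite sits above an ECDHE suite.
$sample = 'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P521,' +
          'TLS_RSA_WITH_AES_256_CBC_SHA256,' +
          'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P256'
Test-ForwardSecrecyOrder -Functions $sample | Format-Table -AutoSize

# Live check against the policy value written by the command above.
$path = 'HKLM:\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002'
$prop = Get-ItemProperty -Path $path -Name 'Functions' -ErrorAction SilentlyContinue
if ($prop) {
    $bad = @(Test-ForwardSecrecyOrder -Functions $prop.Functions |
        Where-Object Misordered)
    if ($bad.Count) { $bad | Format-Table -AutoSize }
    else { 'Forward-secret suites are listed first.' }
} else {
    'No cipher suite order policy value found at the path above.'
}
```

In the constructed sample, the third suite is reported as misordered because the static-RSA suite in position 1 is preferred over it.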