Harden SSL/TLS vBeta
Harden SSL/TLS allows hardening the SSL/TLS settings of Windows 2000, 2003, 2008, 2008R2, XP, Vista, 7. It allows locally and remotely set SSL policies allowing or denying certain ciphers/hashes or complete ciphersuites.
This tool specific allows setting policies with regards to what ciphers and protocols are available to applications that use SCHANNEL crypto interface. A lot of windows applications do use this interface, for instance Google Chrome as well as Apple Safari are a few of these. By changing the settings you can indirectly control what ciphers these applications are allowed to use.
Advanced mode:
- re-enable ECC P521 mode on Windows7 and 2008R2
- Set TLS Cache size and timeout
Known issues:
- The BETA initialises and sets the OS defaults at startup
Changelog:
- Fixed Protocol initialization on Vista/Seven/2008/2008R2 (Adrian F. Dimcev)
- Fixed TLS 1.1 on Vista/2008 (Reported by Adrian F. Dimcev)
- Read the Documentation (PDF)
More information: here
Thanks to Thierry Zoller, from G-SEC. :)
Post scriptum
Compliance Mandates
|
Related Articles
Configurations checks |
|
Defense |
|
Harden SSL/TLS |
|
Vulnerability Management |
|