11-23-2022, 07:04 PM
(11-23-2022, 06:30 PM)MJS@mjs.us Wrote: Thanks for this MJS, as you say this is for http.sys so I do not think it works for SA in the same way. I was able to sort out the cipher issue by adding a limited number of ciphers into the servercontroller->cipherlist and this got rid of the SSL lab weak cipher warning but I still have the B rating.
With your Sectigo cert, did you have to install the intermediate certificate into Windows? as I think this is what I am missing and why I get "Certificate Chain incomplete" so hoping that someone knows if it is possible in SA and how to do it. I donlt know if it is maybe simply a case of me installing it into Windows and it will work with SA, doubt it is that eas though :-)
Thanks for your help though, might be an option to go http.sys in future. I don't know much about it though, so need to read up on it.
David.
Quote:I was just able to get an A+ rating on SSLLabs with my Sectigo cert but I am using http.sys not SA. If you search this forum for 'cipher' there may be some settings that will get you to A+.
For anyone using http.sys I disabled RC4, TLS1.0, and TLS1.1 to get the good rating using these PowerShell commands: