AnsweredAssumed Answered

Upgrade Diffie-Hellman Prime to 2048bits on Windows Server

Question asked by nle27 on Mar 8, 2017
Latest reply on Mar 21, 2017 by j-mailor

Hello all,

 

I am receiving a bad grade for my Diffie-Hellman Prime length being less than 2048-bits. I am running Windows Servers and tried to edit the cipher orders in IIS. After reboot, and rescanning on ssllabs, it still shows the ciphers I removed. I have also tried to apply "Best Practices" in the IIS Crypto 2.0 and rebooted but also same result. No changes are being applied. I have read weakdh.org but do not understand how to generate a new DH group on a Windows Server.

 

Any help or direction would really be appreciated. Thanks in advance.

Outcomes