Enabling FIPS for use in IIS 6.0 with SSL

Hey all~

Recently, a question was asked here to the Microsoft IIS experts that I found to be pretty darn interesting.  That is to say, "I didn't know that..."  The question was related to enabling FIPS support for use with IIS 6.0 & SSL which is a corner-case situation for most but a valid question nonetheless.

The customer question read:

... what is [Microsoft's] ability to support SSL communications with 3DES or AES ciphers. This is in response to FIPS 140-2. It appears the highest we can configure through the standard IIS admin windows is 128-bit (RC4 cipher?) encryption.


... how we would go about changing IIS SSL encryption to also support 3DES and or AES? Is it possible?


Had this question been posed to me, I would have responded...Hmm, ummm...well, sheesh, I dunno.  The great thing is that someone with a much more educated, useful answer sat there and patiently responded - easy! 


In the Local Security Policy for the web server, make sure that you enable FIPS support by choosing the Security Setting enabled.

NOTE:  Click the link to get a pretty useful blog as well from a MSDN blogger.



Comments have been disabled for this content.