Fix “This server supports TLS 1.0 and TLS 1.1” on Qualys SSLlabs test

Over the years, we published some popular articles on how to get the best score on SSLLabs tests.

This year, we’re back on that popular issue, that can now be solved. In January 2020, Qualys changed their test to give note “B” when TLS 1.0 and 1.1 are still supported.

By default, IIS server gives that result on Qualys SSLLabs test.

Even in the last IIS version (10), these protocols they are still enabled by default. (list of default protocols status)

Now, this is what you need to do to avoid that validation message: “This server supports TLS 1.0 and TLS 1.1. Grade capped to B.”

How to fix that on IIS: (Link on microsoft article)

For TLS 1.0: (link on Microsoft article)
For TLS 1.1: (link)

To avoid complexe registry edit, you can copy-paste the following config in a file called “disable-tls-10-11.reg”, created using notepad. then double-click on it.

Content of the file:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server]
"Enabled"=dword:00000000

Save it, and double-click on it, and accept all confirmations, to add these settings to your registry database.

Then reboot your computer, and run your SSL test again. Grade A reached!

How to generate a strong password using Google Chrome

There’s a good password generator embedded into Google Chrome. It appear when you create a login in the “input type password” fields.

But, if you need to generate a password for something else, e.g. mysql database user, there’s no way I found to use it from the menu or somewhere else.

That’s why I create that “fake” signup form, just to use the “generate password” chrome feature.

uid:
pwd:

Save it in in your bookmarks and enjoy!