Setting Encryption Strength

You can configure your Web server to require a 128-bit minimum session-key strength, rather than the default 40-bit key strength, for all SSL secure communication sessions. If you set a minimum 128-bit key strength, however, users attempting to establish a secure communications channel with your server must use a browser capable of communicating with a 128-bit session key.

Important

• For information about upgrading to 128-bit encryption capability, visit the Microsoft Product Support Services Web site.
• When you set security properties for a specific Web site, you automatically set the same security properties for directories and files belonging to that site, unless the security properties of those individual directories and files have been set previously.
• Your Web server will prompt you for permission to reset the properties of individual directories and files when you attempt to set security properties for your Web site. If you choose to reset these properties, your previous security settings will be replaced by the new settings. The same condition applies when you set security properties for a directory containing subdirectories or files with previously set security properties. For more information about setting properties, see Properties and Inheritance of Properties on Sites in About Web and FTP Sites.

Please note that you cannot establish secure, encrypted communications unless you have installed a valid server certificate. See Using the New Security Task Wizards and Obtaining a Server Certificate for more information.

1. In the IIS snap-in, select a Web site, directory, or file, and open its property sheets.
2. If you have not previously created a server key pair and certificate request, select the Directory Security or File Security property sheet. Under Secure Communications, click Server Certificate. The new Web Server Certificate Wizard will guide you through the procedure. For more information about the new wizard, see Using the New Security Task Wizards.
3. If you have previously created a server key pair and certificate request, select the Directory Security or File Security property sheet. Under Secure Communications, click Edit.
4. In the Secure Communications dialog box, select the Require secure channel (SSL) check box.
5. Select the Require 128-bit Encryption check box if this level of encryption is required.

Note   If you select the Require 128-bit encryption check box on a server that is only capable of 56-bit encryption, users will not be able to access resources for which this requirement is selected. Even though the 128-bit encryption check box is enabled, only 56-bit encryption can be used. To enable users to view these resources, clear the check box.

6. Click OK.

Note   The session key is not the same as an SSL key pair, which is used to negotiate and establish a secure communication link.

© 1997-2001 Microsoft Corporation. All rights reserved.