It is recommended that you disable all unnecessary encryption methods and protocols on the grounds of security. If you disable redundant protocols and methods, older platforms and systems may not be able to establish connections with web applications anymore. Therefore, you must decide which protocols and methods are necessary, based on the platforms required.

NOTE: The software "IIS Crypto" from Nartac Software is recommended for disabling encryption methods and protocols.

For more information about disabling encryption, see https://www.nartac.com/Products/IISCrypto.

Detailed information about this topic

https://blogs.technet.microsoft.com/exchange/2015/07/27/exchange-tls-ssl-best-practices/

https://support.microsoft.com/en-us/help/245030/how-to-restrict-the-use-of-certain-cryptographic-algorithms-and-protoc

Removing the HTTP response header in Windows IIS

Attackers can obtain a lot of information about your servers and network by looking at the response header your server returns.

To give attackers a little information as possible, you can remove the HTTP response header in Windows IIS.

To remove the HTTP response header in Windows IIS

Read the instructions in the following links:
- https://github.com/dionach/stripheaders
- https://www.saotn.org/remove-iis-server-version-http-response-header/

Please select your product:

To serve you better, please complete the Purpose of your Chat:

Recommended Solutions for Your Problem

Identity Manager 8.2.1 - Web Application Configuration Guide

Disabling insecure encryption mechanisms

Detailed information about this topic

Removing the HTTP response header in Windows IIS