According to the last SSL Labs report, everything is green on my server, except support for TLS_FALLBACK_SCSV.
Not currently possible with IIS it seems
I've read everywhere that this is not supported on Windows Servers, for example, here:
- Scott Helme, 2015-01-11, Getting an A+ on the Qualys SSL Test - Windows Edition:
Unfortunately, changes to the Qualys SSL Test since I started writing this article now require TLS_FALLBACK_SCSV support to get an A+ rating, but Microsoft has not released support in IIS. This means that all Windows Servers will be capped at an A rating until support is introduced.
So why does this work for an IIS-using customer of mine?
After spending many hours searching for a solution, I gave up. However, I've recently checked one of my customers' websites with the SSL Labs report tool, and I can see that it is supported:
And it is a Windows Server 2008 R2 Standard!
I know you can get it supported by disabling TLS 1.1 and TLS 1.0, but they are enabled:
I am not very interested in getting an A+, and I've read that its support is not really needed. I am just very curious about how this Windows Server supports TLS_FALLBACK_SCSV although everyone says it is not possible.
What are the steps to achieve it?