Version 3.3 Build 17 - Released October 31, 2022

• Added TLS 1.3 and new cipher suites for Windows Server 2022
• Updated all templates to support TLS 1.3
• PCI 4.0 template added which removes SHA1 and non forward secrecy cipher suites
• Strict template removes CBC cipher suites on Windows 2016 and above
• Removed a single instance check on startup

Version 3.2 Build 16 - Released April 11, 2020

• Added override enabled feature to set Protocols Enabled to 1 instead of 0xffffffff
• Only a single instance of IIS Crypto can be run

Version 3.1 Build 15 - Released December 19, 2019

• Changed the target platform to AnyCPU
• Updated code signing certificate
• Crash on Windows Server 2008 R2 with older versions of .Net

Version 3.0 Build 14 - Released February 10, 2019

• Advanced tab for additional registry settings
• Backup current registry settings
• Separate check list box for client side protocols
• Simplified template file format
• Strict template
• List HTTPS sites from IIS for the Site Scanner
• Reboot checkbox on the GUI
• Windows Server 2019 support
• TLS 1.1 and 1.2 in Windows 2008 Server first release
• Best Practices and PCI 3.2 templates remove the TLS_RSA_WITH_3DES_EDE_CBC_SHA cipher suite
• PCI template has been updated to PCI version 3.2
• All templates disable the FIPS Algorithm Policy except for FIPS 140-2
• Set DHE Minimum Server Length to 2048 for Best Practices, PCI 3.2 and Strict templates
• Automatic upgrade of old template file format
• Force TLS 1.2 connections when using Check for Updates
• If the registry value type is incorrect, IIS Crypto changes it to the correct type
• Invalid cast error when loading keys from the registry that are not the correct type
• Saving templates do not include the version nor is the header copied
• If a template is newer than the version expected, it reverts back to server defaults instead of just leaving the current settings
• Spelling mistakes

Version 2.0 Build 11 - Released July 15, 2016

• Full version information to About tab
• Crash when run from a network share

Version 2.0 Build 10 - Released July 8, 2016

• Complete application and GUI redesign
• Built-in and custom templates support
• Windows 10 and Windows Server 2016 support
• Schannel client side protocols
• Automatic and manual check for updates
• All cipher suites are loaded from the OS list of defaults
• Add your own cipher suites if they are not in the OS list of defaults
• PCI 3.1 template
• Custom templates in the same folder as IIS Crypto are added to the template list automatically
• Reboot switch for the console application
• Dropped support for Windows 2003 and lower
• Changed cipher suite order for Best Practices template and now includes DSA certificates
• UI is now resizable
• Warning messages for disabling TLS 1.0 in Windows Server 2008 and 2008 R2 for RDP support
• Executables are now dual signed with SHA1 and SHA256
• Console application now takes built-in templates and external files as parameters
• Triple DES 168/168 was renamed to Triple DES 168 for Windows Server 2008 and newer
• Unchecking all cipher suites when none are specified caused all to be checked instead of unchecked

Version 1.6 Build 7 - Released November 17, 2014

• Additional cipher suites for all platforms due to MS14-066
• Triple DES 168/168 was changed to Triple DES 168 in Vista/2008 and newer
• PCI button now disables SSL 3.0 and RC4 128/128
• Missing cipher suites TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256

Version 1.5 Build 6 - Released November 8, 2014

• New cipher suites: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_256_GCM_SHA384 and TLS_RSA_WITH_AES_128_GCM_SHA256 for Windows 2012 R2
• New hashes: SHA 256, SHA 384 and SHA 512
• New key exchange: ECDH
• Check all and uncheck all buttons for the cipher suite order
• Best Practices has updated the cipher suite order to exclude RC4 encryption and DSA certificates
• Disabled SSL 3.0 for Best Practices because of the POODLE attack
• Hide TLS 1.1 and 1.2 for Windows 2008 (not R2) and lower
• IIS Crypto now looks for both 0xffffffff and 0x1 for Enabled values in the registry
• Warning message if TLS 1.0 is unchecked and Remote Desktop is set to use it
• Cipher suite order for TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P521 and TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P521

Version 1.4 Build 5 - Released November 5, 2013

• Best practices template and command line option
• Help button with FAQ link
• Qualys SSL server test
• Cipher suites are no longer loaded from the registry as they are not all included
• Cipher suites are listed in the best practices order if none have been selected
• Cipher suites are only checked or unchecked when the checkbox is clicked
• Reordered the template buttons
• Removed the BEAST template button and command line option

Version 1.3 Build 4 - Released December 12, 2012

• .Net 4.0 executables for Windows 2012
• BEAST button and command line option to re-order the cipher suite to put RC4 at the top
• Message for unsupported SSL Cipher Suite Order in Windows 2003
• Minor GUI issues

Version 1.2 Build 3 - Released August 28, 2012

• Invalid timestamp for executable signature
• When running under a non-administrator account, IIS Crypto crashes with a System.Security.SecurityException

Version 1.1 Build 2 - Released February 26, 2012

• A new command line version
• License agreement dialog on first run
• Warning dialog if the SSL Cipher Suite Order is changed
• Default settings are now restored after the Apply button is clicked
• DisabledByDefault is set for protocols, this will fix support for TLS 1.1 and TLS 1.2
• SSL Cipher Suite Order not being displayed correctly

Version 1.0 Build 1 - Released May 6, 2011

• Initial version