If you are setting up a windows server that’s going to be dishing out websites using IIS on the web then you really need to make a few changes to default settings when it comes to SSL security and settings.
IIS Crypto is a free tool that gives administrators the ability to enable or disable protocols, ciphers, hashes and key exchange algorithms on Windows Server 2008, 2012 and 2016. It also lets you reorder SSL/TLS cipher suites offered by IIS, implement best practices with a single click, create custom templates and test your website.
For further information and to download the tool visit https://www.nartac.com/Products/IISCrypto
Once you’ve tweaked your configuration (you can’t really go wrong with the “Best Practices” button) you should go and test your sites using something like https://www.ssllabs.com/ssltest/ to see how they fare.
If you’d like to find out more information on SSL and how it works then Bill over at PixelPrivacy has put together an incredibly in-depth guide on how SSL works and what it means to the average user.