Today I'm going to share some experience with SSL rating, time, security and performance, and explain why it is better to turn off the RC4 cipher.
I also found two useful resources that I would like to share; you can use them to check your SSL and overall website performance:
- https://www.dotcom-tools.com/website-speed-test.aspx to analyze your website from different world locations
- https://www.ssllabs.com/ssltest/analyze.html to analyze your SSL certificate
Using these two tools I found a few main issues: my IIS server was still using RC4, which is considered insecure; my DNS resolution time was too long from some parts of the world; and my SSL handshake time was not very fast.
DNS resolution time is still an issue, as resolving it requires actions outside the server and the application :(
The SSL handshake time is not so easy to resolve either, but what I have noticed is that resolving the RC4 issue did speed up overall website loading and increased the overall security rating.
So the first step I would suggest is disabling the RC4 cipher. Let's take a look at how to disable it on Windows Server with IIS:
- Open RegEdit (Win + R >> regedit) and find the following key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Ciphers
- Right-click on Ciphers >> New >> Key and name it RC4 40/128
- Right-click on RC4 40/128 >> New >> DWORD (32-bit) Value and name the value Enabled
- Double-click the newly created Enabled value and make sure that the Value data field contains zero (0), then click OK
- Repeat those steps to create two more keys named RC4 56/128 and RC4 128/128 under the Ciphers key
- Close RegEdit
In my case it was not required to reboot my server, so I hope you will see the result immediately as well, using the ssllabs web tool I mentioned before.
This will give you an A rating for your website's SSL security and, as I noticed, it speeds up your website's overall loading time (including SSL time) by 1.2-1.5 times.
I hope that helps you as well; let me know in the comments if you can add some useful info.
Thank you and see you :)