Configuring IIS for SSL
Traffic between a web browser and a web server on the internet, or even within a corporate intranet, is open, and can be intercepted. To avoid the data being compromised, you can make use of protocols built into your web browser, along with IIS, to provide encryption, as well as authentication.
In the 1990s, Netscape Communications developed a protocol that provided some necessary security, in the form of the Secure Socket Layer (SSL) protocol. SSL 1.0 was never commercially released, while SSL 2.0 and SSL 3.0 were developed and released, but are now deprecated as unsafe.
Transport Layer Security (TLS) was developed openly as the next version of SSL. TLS 1.0 is essentially SSL 3.1. In 2014, Google identified a serious vulnerability in both SSL 3.0 and TLS 1.0. That leaves TLS 2.0 as the best protocol to deploy, and it is the only one installed by default with IIS in Windows Server 2019.
These days, SSL, as a protocol, is being deprecated in favor of TLS. Most major...
