Require 128-bit Encryption for HTTPS Traffic with ISA Server 2006

By /

You create a secure web publishing rule (SSL Bridging). In the tab Traffic on the Web publishing rule you will see that:

  • the checkbox Notify HTTP users to use HTTPS instead is not available (greyed out).
  • the checkbox Require 128-bit encryption for HTTPS traffic is available.

Next, you want to change the rule so that HTTP traffic will be redirected as HTTPS traffic. Therefore you go to the Web Listener, tab Connections and make the following changes:

  • check the box Enable HTTP connections on port (default port is 80).
  • select the radio button Redirect all traffic from HTTP to HTTPS.

You apply the changes and verify that everything is working as expected.

Finally, you want to enforce 128-bit Encryption for HTTPS traffic. So, you go the Web publishing rule, tab Traffic and see that:

  • the checkbox Notify HTTP users to use HTTPS instead is not available (greyed out).
  • the checkbox Require 128-bit encryption for HTTPS traffic is also not available (greyed out).

Why?!?! Hmm… how can we redirect HTTP to HTTPS *and* require 128-bit encryption in one step?

After some experimenting I found out that you can get it to work if you perform the following steps in sequence:

  • go to the Web Listener, tab Connections and make sure you select the radio button Do not redirect traffic from HTTP to HTTPS.
  • next go to the Web publishing rule, tab Traffic and you will see that the check box Notify HTTP users to use HTTPS instead becomes available. Check that box.
  • by doing that the check box Require 128-bit encryption for HTTPS traffic becomes also available. So, check that box too.
  • finally, go back to the Web Listener, tab Connections and now select the radio button Redirect all traffic from HTTP to HTTPS.

Now, apply the changes and verify that on the Web publishing rule, tab Traffic you see the following:

  • the checkbox Notify HTTP users to use HTTPS instead is checked but not available (greyed out).
  • the checkbox Require 128-bit encryption for HTTPS traffic is checked and available.

Why this strange dependencies in the GUI? This really sounds like a bug because I can’t figure out the logic behind this! 🙁

So, I contacted Microsoft PSS and logged a case for this GUI problem. They confirmed my findings and are investigating how to fix that GUI problem. In the mean time, you can use the workaround I posted above.

HTH,
Stefaan

About The Author

Read Next

Leave a Comment

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top