Setting Encryption Strength (IIS 6.0)
You can configure your Web server to require a 128-bit minimum session-key strength for all Secure Sockets Layer (SSL) communications. This is the default session-key strength for Microsoft Windows Server 2003.
If you set a minimum 128-bit key strength, users attempting to establish a secure communications channel with your server must use a browser capable of communicating with a 128-bit session key. The session key is not the same as an SSL key pair, which is used to negotiate and establish a secure communication link. For information about upgrading browsers to 128-bit encryption capability, see How to Upgrade Internet Explorer to 128-Bit Encryption on the Windows Support Web site.
To establish encrypted communications, you must have a valid server certificate installed.
You must be a member of the Administrators group on the local computer to perform the following procedure. As a security best practice, log on to your computer by using an account that is not in the Administrators group, and then use the runas command to run IIS Manager as an administrator. At a command prompt, type runas /User:Administrative_AccountName "mmc %systemroot%\system32\inetsrv\iis.msc".
To set encryption strength
If you open a Server Gated Cryptography (SGC) certificate, you might receive a notice on the General tab that reads as follows: "The certificate has failed to verify for all of its intended purposes." This notice is issued because of the way SGC certificates interact with Windows, and does not necessarily indicate that the certificate does not work correctly.