diff --git a/LICENSE b/LICENSE
index f0946da..770f639 100644
--- a/LICENSE
+++ b/LICENSE
@@ -1,4 +1,4 @@
-Copyright (c) 2015, NWebsec
+Copyright (c) 2013-2015, André N. Klingsheim
All rights reserved.
Redistribution and use in source and binary forms, with or without
@@ -11,7 +11,7 @@ modification, are permitted provided that the following conditions are met:
this list of conditions and the following disclaimer in the documentation
and/or other materials provided with the distribution.
-* Neither the name of NWebsec.AzureStartupTasks nor the names of its
+* Neither the name of NWebsec nor the names of its
contributors may be used to endorse or promote products derived from
this software without specific prior written permission.
diff --git a/NWebsec.AzureStartupTasks.sln b/NWebsec.AzureStartupTasks.sln
new file mode 100644
index 0000000..22ac57b
--- /dev/null
+++ b/NWebsec.AzureStartupTasks.sln
@@ -0,0 +1,20 @@
+
+Microsoft Visual Studio Solution File, Format Version 12.00
+# Visual Studio 2012
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "NWebsec.AzureStartupTasks", "NWebsec.AzureStartupTasks\NWebsec.AzureStartupTasks.csproj", "{2B784498-7014-4260-ACB5-2CA600FE0F51}"
+EndProject
+Global
+ GlobalSection(SolutionConfigurationPlatforms) = preSolution
+ Debug|Any CPU = Debug|Any CPU
+ Release|Any CPU = Release|Any CPU
+ EndGlobalSection
+ GlobalSection(ProjectConfigurationPlatforms) = postSolution
+ {2B784498-7014-4260-ACB5-2CA600FE0F51}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+ {2B784498-7014-4260-ACB5-2CA600FE0F51}.Debug|Any CPU.Build.0 = Debug|Any CPU
+ {2B784498-7014-4260-ACB5-2CA600FE0F51}.Release|Any CPU.ActiveCfg = Release|Any CPU
+ {2B784498-7014-4260-ACB5-2CA600FE0F51}.Release|Any CPU.Build.0 = Release|Any CPU
+ EndGlobalSection
+ GlobalSection(SolutionProperties) = preSolution
+ HideSolutionNode = FALSE
+ EndGlobalSection
+EndGlobal
diff --git a/NWebsec.AzureStartupTasks/Install.txt b/NWebsec.AzureStartupTasks/Install.txt
new file mode 100644
index 0000000..e96fdb6
--- /dev/null
+++ b/NWebsec.AzureStartupTasks/Install.txt
@@ -0,0 +1,19 @@
+Copyright (c) André N. Klingsheim. See https://nwebsec.codeplex.com/license for license information.
+
+The scripts included in this package are intended to be run as startup tasks in
+Windows Azure roles, and it is recommended to install them through NuGet.
+If installation through NuGet install is not an option, the scripts can be
+added to an ASP.NET project by hand. The scripts are also useful to system
+administrators managing Windows Server 2008 R2/2012 (they require PowerShell 2).
+
+*** Configuring the Azure startup tasks by hand ***
+Copy the "NWebsec.AzureStartupTasks" directory with contents to the root of
+your ASP.NET project. Make sure that the .cmd and .ps1 files have
+"Copy to output directory" set to "Copy Always" in their properties. Refer to
+the "NWebsec.AzureStartupTasks/ReadMe.txt" file for details on how to
+configure your Azure project to run the startup tasks.
+
+*** Running the scripts directly (for system administrators) ***
+If you want to run the scripts directly, use the PowerShell scripts found in
+the "NWebsec.AzureStartupTasks/scripts" folder. The .cmd scripts are specific
+to Azure, and should only be used as Azure startup tasks.
diff --git a/NWebsec.AzureStartupTasks/NWebsec.AzureStartupTasks.csproj b/NWebsec.AzureStartupTasks/NWebsec.AzureStartupTasks.csproj
new file mode 100644
index 0000000..168f9e3
--- /dev/null
+++ b/NWebsec.AzureStartupTasks/NWebsec.AzureStartupTasks.csproj
@@ -0,0 +1,53 @@
+
+
+
+
+ Debug
+ AnyCPU
+ {2B784498-7014-4260-ACB5-2CA600FE0F51}
+ Exe
+ Properties
+ NWebsec.AzureStartupTasks
+ NWebsec.AzureStartupTasks
+ v4.0
+ 512
+
+
+ AnyCPU
+ true
+ full
+ false
+ bin\Debug\
+ DEBUG;TRACE
+ prompt
+ 4
+
+
+ AnyCPU
+ pdbonly
+ true
+ bin\Release\
+ TRACE
+ prompt
+ 4
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/NWebsec.AzureStartupTasks/NWebsec.AzureStartupTasks.nuspec b/NWebsec.AzureStartupTasks/NWebsec.AzureStartupTasks.nuspec
new file mode 100644
index 0000000..981d69a
--- /dev/null
+++ b/NWebsec.AzureStartupTasks/NWebsec.AzureStartupTasks.nuspec
@@ -0,0 +1,18 @@
+
+
+
+ NWebsec.AzureStartupTasks
+ 1.1.2
+ NWebsec.AzureStartupTasks
+ André N. Klingsheim
+ André N. Klingsheim
+ https://nwebsec.codeplex.com/license
+ https://nwebsec.codeplex.com
+ https://klings.blob.core.windows.net/nwebsecicon/nwebsec_nuget.png
+ false
+ Provides a startup task to harden the TLS configuration on Azure role instances. See project website for documentation.
+ This release removes the AES-GCM cipher suites from TLS configuration to avoid potential issues introduced by MS14-066. See release notes at project web site for more details.
+ Copyright © 2013,2014
+ NWebsec security Asp.Net Azure
+
+
\ No newline at end of file
diff --git a/NWebsec.AzureStartupTasks/content/NWebsec.AzureStartupTasks/ReadMe.txt b/NWebsec.AzureStartupTasks/content/NWebsec.AzureStartupTasks/ReadMe.txt
new file mode 100644
index 0000000..a27749c
--- /dev/null
+++ b/NWebsec.AzureStartupTasks/content/NWebsec.AzureStartupTasks/ReadMe.txt
@@ -0,0 +1,38 @@
+You need to add the startup tasks by hand to your ServiceDefinition.cfg.
+
+*** TLS hardening ***
+The TLS hardening script will update the relevant Schannel registry settings to
+configure enabled TLS protocol versions and cipher suites according to the
+latest recommendations on ssllabs.com. Refer to the NWebsec project website for
+documentation on which cipher suites are enabled for each version of this
+script (or have a look in the ps1 script). Changes to registry requires a
+reboot to take effect, this is handled by the script. The script is clever
+enough to only reboot after changes are made to the registry, avoiding
+unnecessary reboots of the role instances.
+
+You'll find a log file on you Azure role in:
+%TEMP%\NWebsec.AzureStartupTasksLog.txt
+
+Here's the required configuration for the ServiceDefinition.csdef file. Note
+the environment variable which prevents the script from running when the
+application is running in the Azure emulator. You probably forgot this if it
+updates your registry and reboots your machine. :)
+
+Note! The startup scripts require osFamily="2" or newer - so please check your
+ServiceConfiguration.Cloud.cscfg.
+
+Note also that the AES-GCM ciphers introduced with "Windows Server 2012 R2 Update" are available from guest OS version 4.7 (released May 2. 2014).
+
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/NWebsec.AzureStartupTasks/content/NWebsec.AzureStartupTasks/TLS_hardening.cmd b/NWebsec.AzureStartupTasks/content/NWebsec.AzureStartupTasks/TLS_hardening.cmd
new file mode 100644
index 0000000..cd42816
--- /dev/null
+++ b/NWebsec.AzureStartupTasks/content/NWebsec.AzureStartupTasks/TLS_hardening.cmd
@@ -0,0 +1,9 @@
+REM Copyright (c) André N. Klingsheim. See https://nwebsec.codeplex.com/license for license information.
+
+IF "%NWebsecInComputeEmulator%" == "false" (
+ pushd %~dp0
+ PowerShell -ExecutionPolicy Unrestricted scripts\TLS_hardening.ps1 -AllowReboot 1 >> "%TEMP%\NWebsec.AzureStartupTasksLog.txt" 2>&1
+ popd
+)
+
+EXIT /B %errorlevel%
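Review bot: The `PowerShell` line starts the interpreter without `-NoProfile`, so any PowerShell profile script present on the instance is loaded into a session that has to be elevated to write the HKLM Schannel keys. Adding `-NoProfile -NonInteractive` keeps the task limited to the packaged script and stops a prompt from hanging role startup: `PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted scripts\TLS_hardening.ps1 -AllowReboot 1 >> "%TEMP%\NWebsec.AzureStartupTasksLog.txt" 2>&1`. The `pushd %~dp0` line should also be quoted as `pushd "%~dp0"` so that a deployment path containing spaces or `&` is not split by cmd.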
diff --git a/NWebsec.AzureStartupTasks/content/NWebsec.AzureStartupTasks/Web.config b/NWebsec.AzureStartupTasks/content/NWebsec.AzureStartupTasks/Web.config
new file mode 100644
index 0000000..5dafa85
--- /dev/null
+++ b/NWebsec.AzureStartupTasks/content/NWebsec.AzureStartupTasks/Web.config
@@ -0,0 +1,13 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/NWebsec.AzureStartupTasks/content/NWebsec.AzureStartupTasks/scripts/TLS_hardening.ps1 b/NWebsec.AzureStartupTasks/content/NWebsec.AzureStartupTasks/scripts/TLS_hardening.ps1
new file mode 100644
index 0000000..f7ba9ec
--- /dev/null
+++ b/NWebsec.AzureStartupTasks/content/NWebsec.AzureStartupTasks/scripts/TLS_hardening.ps1
@@ -0,0 +1,83 @@
+# Copyright (c) André N. Klingsheim. See https://nwebsec.codeplex.com/license for license information.
+
+param([bool]$allowReboot = $false)
+
+Function UpdateRegistryPath($path){
+
+ if(test-path $path){
+ return $false
+ }
+ write-Host "Creating registry path: $path"
+ md $path
+ return $true
+}
+
+Function UpdateRegistryKey($path, $propertyName, $value, $propertyType){
+ $property = Get-ItemProperty -Path $path -Name $propertyName -ErrorAction SilentlyContinue
+
+ if($property){
+ if($property.$propertyName -eq $value){
+ return $false
+ }
+ Write-Host "Updating registry key $path $propertyName $value"
+ Set-ItemProperty -path $path -name $propertyName -value $value
+ return $true
+ }
+ Write-Host "Creating registry key $path $propertyName $value"
+ New-ItemProperty -path $path -name $propertyName -value $value -PropertyType $propertyType
+ return $true
+}
+
+$date = Get-Date
+write-output "---- NWebsec.AzureStartupTasks - TLS hardening - $date ----"
+write-output "Checking for registry keys, updating as necessary"
+write-output ""
+
+
+$preferredCipherSuites = "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_P384,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P384,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P256,TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,TLS_DHE_DSS_WITH_AES_256_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_3DES_EDE_CBC_SHA,TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA"
+$rebootRequired = $false
+
+# Disable SSL 2.0
+write-output "**** Making sure SSL 2.0 is disabled ****"
+$rebootRequired = (UpdateRegistryPath "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server") -Or $rebootRequired
+$rebootRequired = (UpdateRegistryKey "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server" "Enabled" 0 "DWord") -Or $rebootRequired
+
+# Disable SSL 3.0
+write-output "**** Making sure SSL 3.0 is disabled ****"
+$rebootRequired = (UpdateRegistryPath "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0") -Or $rebootRequired
+$rebootRequired = (UpdateRegistryPath "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server") -Or $rebootRequired
+$rebootRequired = (UpdateRegistryKey "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server" "Enabled" 0 "DWord") -Or $rebootRequired
+
+# Enable TLS 1.1
+write-output "**** Making sure TLS 1.1 is enabled ****"
+$rebootRequired = (UpdateRegistryPath "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1") -Or $rebootRequired
+$rebootRequired = (UpdateRegistryPath "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server") -Or $rebootRequired
+$rebootRequired = (UpdateRegistryKey "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server" "DisabledByDefault" 0 "DWord") -Or $rebootRequired
+$rebootRequired = (UpdateRegistryPath "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client") -Or $rebootRequired
+$rebootRequired = (UpdateRegistryKey "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client" "DisabledByDefault" 0 "DWord") -Or $rebootRequired
+
+
+# Enable TSL 1.2
+write-output "**** Making sure TLS 1.2 is enabled ****"
+$rebootRequired = (UpdateRegistryPath "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2") -Or $rebootRequired
+$rebootRequired = (UpdateRegistryPath "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server") -Or $rebootRequired
+$rebootRequired = (UpdateRegistryKey "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server" "DisabledByDefault" 0 "DWord") -Or $rebootRequired
+$rebootRequired = (UpdateRegistryPath "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client") -Or $rebootRequired
+$rebootRequired = (UpdateRegistryKey "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client" "DisabledByDefault" 0 "DWord") -Or $rebootRequired
+
+# Protocol versions done, set preferred cipher suites
+write-output "**** Making sure preferred cipher suites are set ****"
+$rebootRequired = (UpdateRegistryKey "HKLM:\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002" "Functions" $preferredCipherSuites "String") -Or $rebootRequired
+
+if($rebootRequired){
+ if($allowReboot){
+ write-output "Registry was updated, rebooting..."
+ write-output "---- NWebsec.AzureStartupTasks - TLS hardening Completed - $date ----"
+ shutdown /r /t 0
+ }else{
+ write-output "Registry was updated, reboot is required for changes to take effect."
+ }
+}else{
+write-output "Registry keys were ok, exiting."
+}
+write-output "---- NWebsec.AzureStartupTasks - TLS hardening Completed - $date ----"
\ No newline at end of file
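Review bot: The cipher-suite write near the end of the script can request a reboot on every run, because `UpdateRegistryKey` returns `$true` after `Set-ItemProperty`/`New-ItemProperty` whether or not the write succeeded, and the `...\Configuration\SSL\00010002` policy key is never created with `UpdateRegistryPath` the way the protocol keys are. If that key is absent on an instance (not visible from this diff), `New-ItemProperty` fails with a non-terminating error, `$rebootRequired` still becomes true, and with `-AllowReboot 1` the role restarts and hits the same failure at the next startup. Create the key and any missing parents before that call, and add `-ErrorAction Stop` to both write cmdlets so a failed write ends the script before it reaches `shutdown /r /t 0`. Separately, `$preferredCipherSuites` still lists two `TLS_ECDHE_ECDSA_WITH_AES_*_GCM_*` suites although the package release notes say the AES-GCM suites were removed; a comment above the list stating which GCM suites are kept on purpose would settle that.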
diff --git a/NWebsec.AzureStartupTasks/tools/Install.ps1 b/NWebsec.AzureStartupTasks/tools/Install.ps1
new file mode 100644
index 0000000..cb4dc48
--- /dev/null
+++ b/NWebsec.AzureStartupTasks/tools/Install.ps1
@@ -0,0 +1,4 @@
+param($installPath, $toolsPath, $package, $project)
+$project.ProjectItems.Item("NWebsec.AzureStartupTasks").ProjectItems.Item("ReadMe.txt").Properties.Item("BuildAction").Value = 0
+$project.ProjectItems.Item("NWebsec.AzureStartupTasks").ProjectItems.Item("TLS_hardening.cmd").Properties.Item("CopyToOutputDirectory").Value = 1
+$project.ProjectItems.Item("NWebsec.AzureStartupTasks").ProjectItems.Item("scripts").ProjectItems.Item("TLS_hardening.ps1").Properties.Item("CopyToOutputDirectory").Value = 1
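Review bot: The three property assignments use bare numeric values with no explanation, which makes it hard to check that the hardening script really ends up in the deployed package. A comment above each group would help, for example `# BuildAction 0 = None: ReadMe.txt is not compiled or published as content` and `# CopyToOutputDirectory 1 = Copy always: the .cmd and .ps1 must be in the role's output directory`. The second value matches the "Copy Always" setting that Install.txt asks for when the files are added by hand.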
diff --git a/createnugetpackage.bat b/createnugetpackage.bat
new file mode 100644
index 0000000..e9a284b
--- /dev/null
+++ b/createnugetpackage.bat
@@ -0,0 +1,11 @@
+@pushd NWebsec.AzureStartupTasks
+
+@rd /s /q d:\nuget\NWebsec.AzureStartupTasks
+@xcopy /s /y content d:\nuget\NWebsec.AzureStartupTasks\content\
+@xcopy /s /y tools d:\nuget\NWebsec.AzureStartupTasks\tools\
+@xcopy /f /y *.nuspec d:\nuget\NWebsec.AzureStartupTasks\
+@xcopy /f /y Install.Txt d:\nuget\NWebsec.AzureStartupTasks\
+@popd
+
+@echo "Now go to d:\nuget\NWebsec.AzureStartupTasks, update nuspec version number, and publish! :)"
+
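Review bot: The result of `@pushd NWebsec.AzureStartupTasks` is never checked, so when the script is started from any directory other than the repository root the `rd /s /q` and `xcopy` lines still run and stage whatever `content`, `tools` and `*.nuspec` happen to be in the current directory for publishing. Anchoring to the script location and stopping on failure avoids packaging the wrong files: `@pushd "%~dp0NWebsec.AzureStartupTasks" || exit /b 1`. The staging path `d:\nuget\NWebsec.AzureStartupTasks` is also hard-coded in six places; a single `set` variable at the top would keep the recursive delete and the copies pointing at the same directory.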