Disabling TLS 1.0 ADFS 2.0

  • Question

  • Hi

    I have an ADFS 2.0 server infrastructure with 2 ADFS and 2 proxy servers.

    I have recently disabled SSL 2.0 and 3.0 on both proxy servers by creating registry values for them. At the same time I also created registry values for TLS 1.0, 1.1 and 1.2 and kept them enabled. But now my company also wants to disable TLS 1.0. When disabling TLS 1.0 in the registry, the ADFS login page stops working.

    I wanted to know: is ADFS 2.0 compatible with TLS 1.1 and 1.2, or does it just support TLS 1.0?

    If yes, how to configure it?


    Exchange Admin

    Friday, February 5, 2016 12:59 AM

All replies

  • ADFS 2.0 on Windows Server 2008 R2 relies on IIS 7.5 for the SSL management.

    According to this article dated from 2011: http://blogs.msdn.com/b/kaushal/archive/2011/10/02/support-for-ssl-tls-protocols-on-windows.aspx

    "Among web servers again, IIS 7.5 is the only which supports TLS 1.1 and TLS 1.2. As of now Apache doesn’t support these protocols as OPENSSL doesn’t include support for them. Hopefully, they’ll catch up to the industries new standards."


    Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

    Sunday, February 7, 2016 12:21 AM
    Owner
  • I wanted to know: is ADFS 2.0 compatible with TLS 1.1 and 1.2, or does it just support TLS 1.0?

    Exchange Admin

    Wednesday, February 17, 2016 10:28 PM
  • It's an IIS (SSL ciphers) thing, rather than AD FS per se. As Pierre pointed out, IIS 7.5 (2008 R2) is the only one supporting TLS 1.1 and TLS 1.2. Are you setting this via policy, or can you share the registry values you're using?

    http://blog.auth360.net

    Wednesday, February 17, 2016 11:40 PM
    Moderator
  • It would be much appreciated if you could help me with the details below regarding TLS 1.0:

    1. Is disabling TLS 1.0 supported by ADFS 2.0?

    2. Does IIS 7.5 running on Windows Server 2008 R2 Ent SP1 support disabling TLS 1.0?

    3. Does .NET 4.5.2 support it?

    4. Does Microsoft SQL Server 2008 SP3 version 10.0.5890.0 (64-bit) support disabling TLS 1.0?

    5. On what IE version do CRM 2011 RU17 and RU18 work if TLS 1.0 is disabled successfully? IE8 and up?

    Thank you and I’m sincerely looking forward to hearing from you.


    Have a great day ahead.


    Monday, February 22, 2016 3:09 AM
  • Hello Swapnil,

    Did you come to know whether ADFS 2.0 is compatible with TLS 1.0 or not?

    Your reply would be much appreciated. 

    Monday, February 22, 2016 3:28 AM
  • As aforementioned, ADFS 2.0 relies on IIS. So it is not really an ADFS question, it is in fact an IIS question. Whatever IIS supports, ADFS 2.0 goes with it:

    This table is taken from the first answer of this post: http://blogs.msdn.com/b/kaushal/archive/2011/10/02/support-for-ssl-tls-protocols-on-windows.aspx


    Monday, February 22, 2016 1:42 PM
    Owner
  • Hello Pierre, 

    Thank you for the detailed explanation. I understood what you said. Appreciated.

    Do you think IIS 7.5 running on Windows Server 2008 R2 ENT. SP1 supports disabling TLS 1.0? I have done research on this but didn't find anything. :( Also, the above chart only has info about support for various SSL/TLS versions on different Windows OSes, but does not have info about support in their respective service packs.

    The reason I asked this question is that I wanted to know whether:

    1. IIS 7.5 running on Windows Server 2008 R2 ENT. SP1 supports disabling TLS 1.0.

    2. Does .NET 4.5.2 support it?

    3. Does Microsoft SQL Server 2008 SP3 version 10.0.5890.0 (64-bit) support disabling TLS 1.0?

    5. On what IE version do CRM 2011 RU17 and RU18 work if TLS 1.0 is disabled successfully? IE8 and up?

    Thank you and I’m sincerely looking forward to hearing from you.
     
    Have a great day ahead.


    Wednesday, February 24, 2016 1:52 AM
  • Sorry, it will sound like I am punting... but those are not ADFS questions anymore. I would assume that if those technologies are using IIS, they fall into the same support stance. However, to make sure of that, please use other TechNet and MSDN forums.

    Only exception is for IIS, questions can be posted here: http://forums.iis.net/


    Wednesday, February 24, 2016 4:45 PM
    Owner
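
The thread asks which registry values are in use for each protocol. The PowerShell below is an added example, not code from any poster: it reads the standard SCHANNEL protocol keys and reports each protocol's state. The warning at the end assumes Windows Server 2008 R2, where TLS 1.1 and TLS 1.2 stay off unless explicitly enabled.

```powershell
# Added example (not from the thread): list SCHANNEL protocol settings on this server.
# Run in an elevated PowerShell 2.0+ session on each AD FS and proxy server.
$base      = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
$protocols = 'SSL 2.0', 'SSL 3.0', 'TLS 1.0', 'TLS 1.1', 'TLS 1.2'
$roles     = 'Server', 'Client'

function Get-SchannelValue {
    param([string]$Path, [string]$Name)
    # Return $null when the key or the value does not exist.
    if (-not (Test-Path -LiteralPath $Path)) { return $null }
    $item = Get-ItemProperty -LiteralPath $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

$report = foreach ($p in $protocols) {
    foreach ($r in $roles) {
        $path    = "$base\$p\$r"
        $enabled = Get-SchannelValue -Path $path -Name 'Enabled'
        $dbd     = Get-SchannelValue -Path $path -Name 'DisabledByDefault'
        # Enabled = 0 turns the protocol off; any non-zero value (1 or 0xFFFFFFFF) turns it on.
        if ($null -eq $enabled -and $null -eq $dbd) { $state = 'not set (OS default applies)' }
        elseif ($enabled -eq 0) { $state = 'disabled' }
        elseif ($dbd -eq 1) { $state = 'enabled, not offered by default' }
        else { $state = 'enabled' }
        New-Object PSObject -Property @{
            Protocol = $p; Role = $r; Enabled = $enabled
            DisabledByDefault = $dbd; State = $state
        }
    }
}
$report | Select-Object Protocol, Role, Enabled, DisabledByDefault, State | Format-Table -AutoSize

# Assumption: on Windows Server 2008 R2, TLS 1.1/1.2 stay off unless explicitly enabled.
$on = @($report | Where-Object {
    $_.Role -eq 'Server' -and $_.Protocol -like 'TLS*' -and $_.State -eq 'enabled'
})
if ($on.Count -eq 0) {
    Write-Warning 'No TLS version is explicitly enabled for the Server role.'
}
```

SCHANNEL reads these values at startup, so the report shows what is configured; registry changes take effect after a reboot.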