none
Disable SSL 3 and TLS 1.0 on the IIS WEB server. RRS feed

All replies

  • I usually use IIS Crypto (https://www.nartac.com/Products/IISCrypto)

    From memory, it DOES require a reboot after you've applied the settings change.


    If this helped you please click "Vote As Helpful" if it answered your question please click "Mark As Answer"

    Georg Thomas | CISSP, CISM, CEH, GIAC, MCSE (Security), MVP Twitter @georgathomas This forum post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

    Tuesday, June 27, 2017 5:15 AM
  • Hi,

    If SSL 3.0 and TLS 1.0 key do not exist, you can manually create  and disable them according to the following steps:

     

    1. Click Start, click Run, type regedt32 or type regedit, and then click OK.
    2. In Registry Editor, locate the following registry key:

     

    HKey_Local_Machine\System\CurrentControlSet\Control\SecurityProviders \SCHANNEL\Protocols  

    1. Right-click Protocols, click New, click Key and name it as SSL 3.0 or TLS 1.0.
    2. Right-click SSL 3.0 or TLS 1.0, click New, click Key and name it as Server.
    3. Right-click Server, click New, click DWORD (32bit) Value and name it as Enabled.
    4. Double-click Enabled and make sure its value is 0.


    Best Regards
    Cartman
    Please remember to mark the replies as an answers if they help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Tuesday, June 27, 2017 7:14 AM
    Moderator
  • I have tried IIS Crypto to disable SSL3 and TLS 1.0 and I am not able to access the website anymore.  

    This is the error:

    Microsoft OLD DB provider for SQL server error '80004005'
    [DBNETLIB][ConnectionOpen (SECCreateCredentials()).]SSL Security error.

    /dbopen.asp, line 4
    Wednesday, June 28, 2017 2:47 AM
  • Looks like you may have an old version of the SQL Server Driver that's not using TLS1.2. What version of SQL are you using?

    Take a look here: https://blogs.msdn.microsoft.com/sqlreleaseservices/tls-1-2-support-for-sql-server-2008-2008-r2-2012-and-2014/


    If this helped you please click "Vote As Helpful" if it answered your question please click "Mark As Answer"

    Georg Thomas | CISSP, CISM, CEH, GIAC, MCSE (Security), MVP Twitter @georgathomas This forum post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

    Wednesday, June 28, 2017 3:12 AM
  • The WEB server connects to SQL Server 2008 R2. 
    Wednesday, June 28, 2017 8:00 PM
  • Make sure you have the correct updates applied to support TLS1.2 (https://support.microsoft.com/en-za/help/3135244/tls-1.2-support-for-microsoft-sql-server)

    If this helped you please click "Vote As Helpful" if it answered your question please click "Mark As Answer"

    Georg Thomas | CISSP, CISM, CEH, GIAC, MCSE (Security), MVP Twitter @georgathomas This forum post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

    Thursday, June 29, 2017 2:54 AM