Cannot Enable TLS 1.2 on Windows Server 2008 SP2

我的未来我决定 提交于 2020-06-28 03:22:57

问题


We have recently upgraded our Java version to JDK 1.8.0_141 which is forcing our java client to use TLS 1.2 and we have a .Net 2.0 web service running on a Windows Server 2008 SP2 which supports only SSL V3 and TLS 1.0

OS Name:                   Microsoft Windows Server 2008 Standard
OS Version:                6.0.6002 Service Pack 2 Build 6002

So I've applied the patch (Update for Windows Server 2008 (KB4019276)) from below KB to enable TLS 1.1 and TLS 1.2

https://support.microsoft.com/en-us/help/4019276/update-to-add-support-for-tls-1-1-and-tls-1-2-in-windows

And added below registry entries

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\TLS 1.1]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\TLS 1.1\Client]
"Enabled"=dword:00000001
"DisabledByDefault"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\TLS 1.1\Server]
"Enabled"=dword:00000001
"DisabledByDefault"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\TLS 1.2]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\TLS 1.2\Client]
"Enabled"=dword:00000001
"DisabledByDefault"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\TLS 1.2\Server]
"Enabled"=dword:00000001
"DisabledByDefault"=dword:00000000

And restarted the box, but still the .Net 2.0 web service is not supporting TLS 1.2 but supports TLS 1.1. Tested using TestSSLServer (www.bolet.org/TestSSLServer/)

TestSSLServer2.exe validation-service 443
Connection: validation-service:443
SNI: validation-service
  SSLv3:
     server selection: enforce server preferences
     3-- (key:  RSA)  RSA_WITH_RC4_128_SHA
     3-- (key:  RSA)  RSA_WITH_3DES_EDE_CBC_SHA
     3-- (key:  RSA)  RSA_WITH_RC4_128_MD5
  TLSv1.0:
     server selection: enforce server preferences
     3-- (key:  RSA)  RSA_WITH_AES_128_CBC_SHA
     3-- (key:  RSA)  RSA_WITH_AES_256_CBC_SHA
     3-- (key:  RSA)  RSA_WITH_RC4_128_SHA
     3-- (key:  RSA)  RSA_WITH_3DES_EDE_CBC_SHA
     3-- (key:  RSA)  RSA_WITH_RC4_128_MD5
  TLSv1.1: idem

Is there any config change needed to enable TLS 1.2? Or do I need to apply any other KB Patch?

来源:https://stackoverflow.com/questions/48412783/cannot-enable-tls-1-2-on-windows-server-2008-sp2

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!