You can do that manually and follow the steps in this little How-To by QuoVadis. Only when you have a backup should you open regedit and go to the registry path HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\ Therefore, you should first make a backup. You need to modify the registry to activate TLS 1.2. Should you not have all patches installed, you can manually download KB4019276 from the Microsoft Update Catalog.
In this case, you can jump to the next section and activate it. When your server is up-to-date with all security patches offered by Microsoft, then you probably already have TLS 1.2 installed. The server should enable TLS 1.2 or later.
Once disabled, users will be prevented from loading these resources. The connection used to load resources from used TLS 1.0 or TLS 1.1, which are deprecated and will be disabled in the future. You can check if your web site has this problem with the SSL Server Test or you open the developer tools of Chrome and check the console output: If this is the case, your users will not be able to visit your web site when all major browsers block that version at the beginning of 2020.
Unfortunately, you do not see the version your browser uses to connect to a web server and so it may be that this protocol is still active. That version is outdated and should not be used for securing any HTTPS traffic. Out of the box, IIS on Windows Server 2008 R2 offers Transport Layer Security only in version 1 (TLS 1.0). If your box is a web server, that day will come sooner than you think. You may postpone the inevitable, but one day you run out of luck. There is always that one machine that you cannot upgrade on a current version because some dependencies outside of your control demand that specific configuration.
0 kommentar(er)
