• 10
name

A PHP Error was encountered

Severity: Notice

Message: Undefined index: userid

Filename: views/question.php

Line Number: 191

Backtrace:

File: /home/prodcxja/public_html/questions/application/views/question.php
Line: 191
Function: _error_handler

File: /home/prodcxja/public_html/questions/application/controllers/Questions.php
Line: 433
Function: view

File: /home/prodcxja/public_html/questions/index.php
Line: 315
Function: require_once

name Punditsdkoslkdosdkoskdo

Disable weak SSL protocols on Windows Server 2016

We have tried to disable weak SSL/TLS protocols on a windows 2016 server by setting the corresonding registry keys as suggested here: https://docs.microsoft.com/en-us/windows-server/security/tls/tls-registry-settings#tls-10

We have created the following DWORDs:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server]
"DisabledByDefault"=dword:00000001
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server]
"DisabledByDefault"=dword:00000001
"Enabled"=dword:00000000

After a restart of the server a scan like https://www.ssllabs.com/ssltest/index.html still reports that the server supports TLS 1.0 and 1.1. We have cleared the scan cache after the change, so it shouldn't be a cached result. I also get a 200 OK response by

Invoke-WebRequest https://MyServer -SslProtocol Tls

If I use a tool like IISCrypto it reports that the protocols are disabled.

Any ideas regarding why these protocols are not being disabled by the registry keys above are very welcome!

Is your server directly exposed to the internet? It's not a common practice anymore. Usually there is a load balancer or reverse proxy in front of it these days. If there is, that's what the SSL labs scan is hitting and that's where you need to disable TLS 1.0 and 1.1.

  • 3
Reply Report

Trending Tags