This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Hello,
Our Security Team is requesting us to uncheck in IIS Crypto TLS 1.0 to make it Disabled.
"Close port 80, disable TLS 1.0, and disable MD5 hash"
Any recommendations?
TLS 1.2 is already deployed ...
Is it possible to verify that all clients are using TLS 1.2?
Thanks,
Dom
Hello,
"...there is no necessary to turn off 1.0 and 1.1...
It is a security request due to vulnerabilities... at least for TLS 1.0 I will have no choice ....
Thanks,
Dom
Hi @Dominique DUCHEMIN ,
We only require 1.2 to be enabled and there is no necessary to turn off 1.0 and 1.1, whether we want to close depends on the our own choice.
Here is the article about enabling TLS 1.2 from Microsoft Learn:
https://learn.microsoft.com/en-US/mem/configmgr/core/plan-design/security/enable-tls-1-2
If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Thanks for this,
Should it be done for the whole environment MEMCM or only as needed?
Thanks,
Dom
Hi
It's easy with IIS Crypto to disable it, else it's in the registry;
HKLM SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS1.0\Server
(DWORD) DisabledByDefault:=1
IIS Crypto would do the same, so I recommend of using it.
To disable port 80 it's your choice. I found it handy to have it open as you need port 80 if you want to do a redirect (HTTP->HTTPS) to the port 443 for HTTPS.
Thanks
Philippe