Solved

TLS 1.2 - Server 2008 Std  (NOT R2)  - in IIS

Posted on 2014-11-14
Last Modified: 2014-11-20
IIS server running Server 2008 std (not R2)

With a lot of sites changing to use TLS 1.2, we are having a few integration errors when trying to communicate with external APIs.

For example, LinkedIn integration will only work with TLS 1.2.

As my server has Server 2008 Std (non-R2), I cannot enable TLS 1.2.

I do not have the option of upgrading the OS on the server...

But we have another server running R2 with TLS 1.2 working!
Is it possible to create some sort of reverse proxy rule to redirect requests to the 3rd party via the other webserver which has TLS 1.2 enabled?



(Note: I can't just put my sites directly on the 2008 R2 webserver.)


I tried some URL Rewrite rule but couldn't get it working...


Any help would be appreciated...
Question by:Spikeuk30
Assisted Solution

by:btan
btan earned 250 total points
ID: 40444179
The redirect has to happen before the key exchange starts, or else the SSL session cannot be maintained, as redirection thereafter will break the session. Some application delivery controllers do this full TLS proxy (e.g. manage the client SSL, terminate and then manage server SSL, as a whole doing SSL offload) and balance (with re-encrypt based on the server SSL profile) to the selected web server backend, e.g. in F5 LTM @ https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/ltm-implementations-11-1-0/15.html
It was also flagged in their forum to do this before the handshake, an option that may be viable @ https://devcentral.f5.com/questions/ssl-handshake

But to simply redirect based on TLS 1.2, you need to inspect the packet bytes to determine the version, which I see may not be possible with the IIS URL Rewrite Module. There may need to be some module plugin that does that... Below are some useful examples, though not specific to your use case:
http://www.iis.net/learn/extensions/url-rewrite-module
Accepted Solution

by:
kevinhsieh earned 250 total points
ID: 40450462
You might be able to set up a reverse proxy like you would for one of your web servers, but instead of proxying incoming requests you would turn the proxy around and publish the sales force servers to your internal network and use maybe a hosts entry on your Windows 2008 server to point the sales force hosts at your proxy server.

Windows 2008 is in extended support and is like running Windows Vista, and is 3 major OS versions behind. You'll need to upgrade it eventually, and I think that you are seeing some issues where sooner may be better than later. :-)
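
The "turned around" reverse proxy from the accepted answer could look like the following web.config on the 2008 R2 server. This is an added example, not configuration posted by anyone in the thread; it assumes the URL Rewrite module and Application Request Routing (with its proxy setting enabled at server level) are installed on the R2 server, and `api.example.com` and `10.0.0.5` are placeholders for the third-party API host and the legacy server's address.

```xml
<!-- web.config for a dedicated site on the 2008 R2 server (the outbound proxy).
     Constructed example: api.example.com and 10.0.0.5 are placeholders. -->
<configuration>
  <system.webServer>
    <rewrite>
      <rules>
        <!-- Forward only the one API host the legacy server needs; a catch-all
             rule would turn this site into an open proxy. -->
        <rule name="OutboundApiProxy" stopProcessing="true">
          <match url="(.*)" />
          <conditions>
            <add input="{HTTP_HOST}" pattern="^api\.example\.com$" />
          </conditions>
          <!-- ARR opens a new HTTPS connection from this server, so the TLS
               version on that leg is whatever the R2 server negotiates. -->
          <action type="Rewrite" url="https://api.example.com/{R:1}" />
        </rule>
        <!-- Any other host name is refused. -->
        <rule name="RefuseEverythingElse" stopProcessing="true">
          <match url=".*" />
          <action type="CustomResponse" statusCode="403"
                  statusReason="Forbidden" statusDescription="Not proxied" />
        </rule>
      </rules>
    </rewrite>
    <security>
      <!-- Accept connections only from the legacy 2008 server. Needs the
           IP and Domain Restrictions role service; this section may have to
           be unlocked or set in applicationHost.config instead. -->
      <ipSecurity allowUnlisted="false">
        <add ipAddress="10.0.0.5" allowed="true" />
      </ipSecurity>
    </security>
  </system.webServer>
</configuration>
```

The hosts entry on the 2008 server then maps the API host name to the proxy's address; if the application calls it over https, the proxy site needs a certificate for that name that the legacy server trusts. The hop between the two servers does not use TLS 1.2, so keep it on a trusted internal segment and confirm on the R2 server that the outbound handshake really negotiates TLS 1.2.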