Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Is there a possibility to enable TLS 1.2 on IIS that will take effect only for specific website (instead the whole server)?

Posted on 2015-02-22
3
Medium Priority
?
195 Views
Last Modified: 2016-05-13
We would like to upgrade our security but have couple of sites and specifically change 1 website on IIS to use TLS 1.2 (without the option of backward compatibility , meaning this specific site wont communicate on SSL3, TLS 1.0 ,  TLS 1.1 ) while the rest of the websites will still use TLS 1.0
0
Comment
Question by:safendsupport
3 Comments
 
LVL 65

Accepted Solution

by:
btan earned 2000 total points
ID: 40624937
It is probably to look into the SNI for SSL binding to the particular website since likely they are hosting same IP and port , the hostname will be used to differentiate and serves out their respective server cert. E.g. client sending the Server Name header in its SSL Client Hello. If this is not supplied in the client TLS negotiation then http.sys will reset the connection.

And if the server cert is of TLS cipher based and SSL negotiation is disabled, maybe it can still be viable. Pls see below too. So far, I have yet to see binding in selective of cipher to specific website unless an application proxy is used to perform that enforcement - e.g. Citrix and F5 application proxy per se

SSL Handshake and HTTPS Bindings on IIS
he client sends the server the hostname it is requesting for as a part of the CLIENT HELLO in the form of TLS EXTENSIONS.
http://blogs.msdn.com/b/kaushal/archive/2013/08/03/ssl-handshake-and-https-bindings-on-iis.aspx

Server Name Indication (SNI) with IIS 8 (Windows Server 2012)
The server checks the registry to find a certificate hash/thumbprint corresponding to the above combination of IP:Port. The server checks the below key to find the combination: HKLM\SYSTEM\CurrentControlSet\Services\HTTP\Parameters\SslBindingInfo
http://blogs.msdn.com/b/kaushal/archive/2012/09/04/server-name-indication-sni-in-iis-8-windows-server-2012.aspx
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Introduction This article shows how to use the open source plupload control to upload multiple images. The images are resized on the client side before uploading and the upload is done in chunks. Background I had to provide a way for user…
Microservice architecture adoption brings many advantages, but can add intricacy. Selecting the right orchestration tool is most important for business specific needs.
The purpose of this video is to demonstrate how to update a WordPress Site’s version. WordPress releases new versions of its software frequently and it is important to update frequently in order to keep your site secure, and to get new WordPress…
The purpose of this video is to demonstrate how to integrate Mailchimp with Facebook. This will be demonstrated using a Windows 8 PC. Mailchimp and Facebook will be used. Log into your Mailchimp account. : Click on your name. Go to Account Setti…

886 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question