Solved

Is there a possibility to enable TLS 1.2 on IIS that will take effect only for specific website (instead the whole server)?

Posted on 2015-02-22
3
103 Views
Last Modified: 2016-05-13
We would like to upgrade our security but have couple of sites and specifically change 1 website on IIS to use TLS 1.2 (without the option of backward compatibility , meaning this specific site wont communicate on SSL3, TLS 1.0 ,  TLS 1.1 ) while the rest of the websites will still use TLS 1.0
0
Comment
Question by:safendsupport
3 Comments
 
LVL 62

Accepted Solution

by:
btan earned 500 total points
ID: 40624937
It is probably to look into the SNI for SSL binding to the particular website since likely they are hosting same IP and port , the hostname will be used to differentiate and serves out their respective server cert. E.g. client sending the Server Name header in its SSL Client Hello. If this is not supplied in the client TLS negotiation then http.sys will reset the connection.

And if the server cert is of TLS cipher based and SSL negotiation is disabled, maybe it can still be viable. Pls see below too. So far, I have yet to see binding in selective of cipher to specific website unless an application proxy is used to perform that enforcement - e.g. Citrix and F5 application proxy per se

SSL Handshake and HTTPS Bindings on IIS
he client sends the server the hostname it is requesting for as a part of the CLIENT HELLO in the form of TLS EXTENSIONS.
http://blogs.msdn.com/b/kaushal/archive/2013/08/03/ssl-handshake-and-https-bindings-on-iis.aspx

Server Name Indication (SNI) with IIS 8 (Windows Server 2012)
The server checks the registry to find a certificate hash/thumbprint corresponding to the above combination of IP:Port. The server checks the below key to find the combination: HKLM\SYSTEM\CurrentControlSet\Services\HTTP\Parameters\SslBindingInfo
http://blogs.msdn.com/b/kaushal/archive/2012/09/04/server-name-indication-sni-in-iis-8-windows-server-2012.aspx
0

Featured Post

VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Just a quick little trick I learned recently.  Now that I'm using jQuery with abandon in my asp.net applications, I have grown tired of the following syntax:      (CODE) I suppose it just offends my sense of decency to put inline VBScript on a…
Introduction This article shows how to use the open source plupload control to upload multiple images. The images are resized on the client side before uploading and the upload is done in chunks. Background I had to provide a way for user…
The purpose of this video is to demonstrate how to make a WordPress Site faster and smaller in size by cleaning up the database. This will be demonstrated using a Windows 8 PC. Plugin WP Optimize will be used. Go to your WordPress login page. T…
The purpose of this video is to demonstrate how to set up the permalinks on a WordPress Website. This will be demonstrated using a Windows 8 PC. Go to your WordPress login page. This will look like the following: mywebsite.com/wp-login.php : Go t…

803 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question