Solved

Is there a possibility to enable TLS 1.2 on IIS that will take effect only for specific website (instead the whole server)?

Posted on 2015-02-22
3
151 Views
Last Modified: 2016-05-13
We would like to upgrade our security but have couple of sites and specifically change 1 website on IIS to use TLS 1.2 (without the option of backward compatibility , meaning this specific site wont communicate on SSL3, TLS 1.0 ,  TLS 1.1 ) while the rest of the websites will still use TLS 1.0
0
Comment
Question by:safendsupport
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 64

Accepted Solution

by:
btan earned 500 total points
ID: 40624937
It is probably to look into the SNI for SSL binding to the particular website since likely they are hosting same IP and port , the hostname will be used to differentiate and serves out their respective server cert. E.g. client sending the Server Name header in its SSL Client Hello. If this is not supplied in the client TLS negotiation then http.sys will reset the connection.

And if the server cert is of TLS cipher based and SSL negotiation is disabled, maybe it can still be viable. Pls see below too. So far, I have yet to see binding in selective of cipher to specific website unless an application proxy is used to perform that enforcement - e.g. Citrix and F5 application proxy per se

SSL Handshake and HTTPS Bindings on IIS
he client sends the server the hostname it is requesting for as a part of the CLIENT HELLO in the form of TLS EXTENSIONS.
http://blogs.msdn.com/b/kaushal/archive/2013/08/03/ssl-handshake-and-https-bindings-on-iis.aspx

Server Name Indication (SNI) with IIS 8 (Windows Server 2012)
The server checks the registry to find a certificate hash/thumbprint corresponding to the above combination of IP:Port. The server checks the below key to find the combination: HKLM\SYSTEM\CurrentControlSet\Services\HTTP\Parameters\SslBindingInfo
http://blogs.msdn.com/b/kaushal/archive/2012/09/04/server-name-indication-sni-in-iis-8-windows-server-2012.aspx
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When setting up new project requests for our site, one of the most powerful tools our team has available to use is Axure (http://www.axure.com/). It’s a tool for creating software and web prototypes that can function and interact as if it were the a…
#SSL #TLS #Citrix #HTTPS #PKI #Compliance #Certificate #Encryption #StoreFront #Web Interface #Citrix XenApp
The purpose of this video is to demonstrate how to Test the speed of a WordPress Website. Site Speed is an important metric of a site’s health. Slow site speed can result in viewers leaving your site quickly and not seeing your content. This…
The purpose of this video is to demonstrate how to prevent comment spam on a WordPress Website. This will be demonstrated using a Windows 8 PC. Plugin Akismet will be used. Go to your WordPress login page. This will look like the following: myw…

626 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question