Phy2015
TLS 1.2 configuration on Server 2008 non-R2
Hi,
I am against a June 30 deadline to have a Server 2008 non-R2 configured to use TLS 1.2 for processing transactions for GP Dynamics with PayPal Payflow-Pro. I have found that Server 2008 non-R2 is now supported for TLS 1.2; however, I am having trouble configuring it. I also may be missing an update or two as well. I am also not sure if I need to install IIS and make changes to that as well.
Attached are the registry settings I have created and what I see when I run the IIS Crypto 2.0 tool.
Thank you for your assistance!
Registery-Settings.jpg
Crypto-2.0.jpg
Is it patched up to service pack 2?
ASKER
Yes it is SP2.
I will try and load a virtual 2008 and see if I can reproduce it... It might take me a couple days...
32 bit or 64 bit?
ASKER
Windows Server Standard 64-bit
No matter what I did, I can't get IIS Crypto to show TLS 1.1 or 1.2...
I wonder if it is hard coded into the software to NOT show it with server 2008?
Or Microsoft didn't fully fix the issue with that KB...
Steps involved:
Install Server 2008 Standard x64
Run first cycle of updates
Reboot
Install SP2
reboot
run updates
reboot
install KB4019276
reboot
import following registry keys...
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Client]
"DisabledByDefault"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Client]
"DisabledByDefault"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client]
"DisabledByDefault"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client]
"DisabledByDefault"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server]
"Enabled"=dword:00000001
"DisabledByDefault"=dword:00000000
reboot yet again...
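A read-back check for the steps in the comment above, added here as an example and not part of the original thread: it confirms that KB4019276 is registered and that each value from the posted .reg file is actually present under the SCHANNEL Protocols key. It assumes PowerShell 2.0 or later on the server; the function name Get-SchannelReport is hypothetical, and treating any non-zero DWORD as "set" is an assumption of this example.

```powershell
# Added example: read back the SCHANNEL values that the .reg import in this thread sets.
# Assumes PowerShell 2.0 or later, run on the server itself.
$base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'

# Protocol|Role|ValueName|Expected, copied from the .reg file posted above.
$expected = @(
    'SSL 2.0|Client|DisabledByDefault|1', 'SSL 2.0|Server|Enabled|0',
    'SSL 3.0|Client|DisabledByDefault|1', 'SSL 3.0|Server|Enabled|0',
    'TLS 1.1|Client|DisabledByDefault|0', 'TLS 1.1|Server|DisabledByDefault|0',
    'TLS 1.1|Server|Enabled|1',
    'TLS 1.2|Client|DisabledByDefault|0', 'TLS 1.2|Server|DisabledByDefault|0',
    'TLS 1.2|Server|Enabled|1'
)

# Hypothetical helper: compares each expected value with what the registry holds.
function Get-SchannelReport {
    param([string]$Base, [string[]]$Items)
    foreach ($line in $Items) {
        $protocol, $role, $name, $want = $line.Split('|')
        $path   = Join-Path (Join-Path $Base $protocol) $role
        $actual = $null
        if (Test-Path $path) {
            $prop = Get-ItemProperty -Path $path -Name $name -ErrorAction SilentlyContinue
            if ($prop) { $actual = $prop.$name }
        }
        if ($null -eq $actual) {
            $state = 'MISSING'    # key or value absent: the import did not land here
        } elseif (($actual -ne 0) -eq ([int]$want -ne 0)) {
            $state = 'OK'         # assumption: any non-zero DWORD counts as "set"
        } else {
            $state = 'MISMATCH'
        }
        New-Object PSObject -Property @{
            Protocol = $protocol; Role = $role; Value = $name
            Expected = $want; Actual = $actual; State = $state
        }
    }
}

# The thread installs KB4019276 before importing the keys; confirm it is registered.
$kb = Get-HotFix -Id 'KB4019276' -ErrorAction SilentlyContinue
if ($kb) { "KB4019276 installed on $($kb.InstalledOn)" } else { 'KB4019276 not found by Get-HotFix' }

Get-SchannelReport -Base $base -Items $expected |
    Select-Object Protocol, Role, Value, Expected, Actual, State |
    Format-Table -AutoSize
```

Any row reported as MISSING or MISMATCH points at a key the import did not write as posted, which separates a registry problem from a display limitation in the tool used to view the settings.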
ASKER
Hi Scott,
Thanks for your assistance.
I have decided to migrate the applications to a fresh install of Server 2016.
At least that will get you back onto a supported OS for patches past next year.
ASKER
That KB is already installed and the server has been restarted since.