Furthermore, restricting the available protocols may interfere with client connections that use older browsers such as Windows XP or IE 9 and earlier. It is not supported by Windows Server 2003. Note: TLS 1.2 requires Windows Server 2008 or later. We recommend that you disable SSLv2 and SSLv3 and consider disabling TLS 1.0. Otherwise, you may follow Microsoft's instructions for configuring the Schannel component. Disabling TLS 1.0 may cause issues for any clients running Windows XP or IE 9 and earlier. Best Practices will keep TLS 1.0 enabled and PCI 3.1 will disable it, making TLS 1.1 the minimum requirement. We recommend using either the Best Practices option or the PCI 3.1 template with IIS Crypto. IIS Crypto is available from its vendor here: To configure which protocols will be used by IIS, you must configure the available protocols and ciphers at the OS level.Ī third-party tool called IIS Crypto simplifies the process of modifying the server registry and running the commands necessary to enable or disable the various available SSL/TLS protocols.
IIS uses the cryptographic subsystems of the host operating system to negotiate a secure connection.
For the best security, you may configure TLS 1.2 as the minimum required protocol.Īll communication between Essentials and users is handled by IIS. For the best security we recommend having the server running Essentials configured to use at least TLS 1.1 for secure communications. Security improvements and vulnerabilities have led to the release of updated protocols over the years. Many organizations want, or require the use of, HTTPS to ensure secure communications between web browsers and servers.
0 kommentar(er)
