This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Lansweeper Community
- Forums
- General Discussions
- Can TLS 1.0 and older ciphers be disabled on web s...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎04-15-2019 12:33 PM
Had a quick look on the knowledgebase to see if there was an existing article but a few search terms returned no results.
I'm trying to ascertain if it's OK to harden my Lansweeper web server to no longer use dated ciphers and TLS 1.0 - could someone confirm? I believe disabling TLS 1.0 was causing warranty checking issues a few years back.
Thanks in advance.
I'm trying to ascertain if it's OK to harden my Lansweeper web server to no longer use dated ciphers and TLS 1.0 - could someone confirm? I believe disabling TLS 1.0 was causing warranty checking issues a few years back.
Thanks in advance.
Labels:
- Labels:
-
General Discussion
8 REPLIES 8
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎04-16-2019 03:21 PM
I mean I know that doesn't really answer your question - but I figure if you're concerned with security/TLS , you would be concerned with being on Win2k8 in general...
https://www.lansweeper.com/knowledgebase/move-lansweeper-to-different-server/
https://www.lansweeper.com/knowledgebase/move-lansweeper-to-different-server/
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎04-16-2019 03:13 PM
can you migrate to a modern windows OS? that's what I would do in your case... LS makes it easy
then you can kill two birds with one stone.
then you can kill two birds with one stone.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎04-16-2019 11:31 AM
Thanks both for the feedback, I'll get this done today.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎04-16-2019 12:47 PM
dshu wrote:
Thanks both for the feedback, I'll get this done today.
Quick update: this broke our install on a Win Server 2008 R2 deployment, when disabling TLS 1.0 using IIS Crypto to harden the box. I've reeanbled TLS1.0 via IIS Crypto and we can once again access.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎04-15-2019 09:55 PM
I completed this for all servers in our environment recently. I can confirm that disabling TLS 1.0 caused no issues.
If you want to go one step further and also disable TLS 1.1 (we did), you will need to make sure you add the registry settings to tell .NET Framework to use TLS 1.2, as it currently won't do so by default. See this Microsoft documentation for the keys to set (there's even a .reg file example): https://docs.microsoft.com/en-us/dotnet/framework/network-programming/tls#for-net-framework-35---452-and-not-wcf
If you want to go one step further and also disable TLS 1.1 (we did), you will need to make sure you add the registry settings to tell .NET Framework to use TLS 1.2, as it currently won't do so by default. See this Microsoft documentation for the keys to set (there's even a .reg file example): https://docs.microsoft.com/en-us/dotnet/framework/network-programming/tls#for-net-framework-35---452-and-not-wcf
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎04-18-2019 03:22 PM
JSchlackman wrote:
I completed this for all servers in our environment recently. I can confirm that disabling TLS 1.0 caused no issues.
If you want to go one step further and also disable TLS 1.1 (we did), you will need to make sure you add the registry settings to tell .NET Framework to use TLS 1.2, as it currently won't do so by default. See this Microsoft documentation for the keys to set (there's even a .reg file example): https://docs.microsoft.com/en-us/dotnet/framework/network-programming/tls#for-net-framework-35---452-and-not-wcf
I personally found this to be a good resource for the registry keys. Even though it states Exchange, it should work for any .net installation. The page includes 4.X and 3.5 keys
https://blogs.technet.microsoft.com/exchange/2018/04/02/exchange-server-tls-guidance-part-2-enabling-tls-1-2-and-identifying-clients-not-using-it/
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎04-19-2019 02:56 PM
Noobmode wrote:
I personally found this to be a good resource for the registry keys. Even though it states Exchange, it should work for any .net installation. The page includes 4.X and 3.5 keys
https://blogs.technet.microsoft.com/exchange/2018/04/02/exchange-server-tls-guidance-part-2-enabling-tls-1-2-and-identifying-clients-not-using-it/
I also used that page at first, but it does not mention the SchUseStrongCrypto key that is needed for some applications to work when you disable TLS 1.1 (Lansweeper included).
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎04-15-2019 01:52 PM
If you're on version 6.0.230.46 or higher, everything should work with TLS 1.0 disabled.
New to Lansweeper?
Try Lansweeper For Free
Experience Lansweeper with your own data. Sign up now for a 14-day free trial.
Try Now
Related Content
- Scanner behavior after upgrade to 11.1.3 in General Discussions
- Cloud sites security in General Discussions
- Check if print spooler service is enabled in General Discussions
- Lansweeper Health Checklist in General Discussions
- sorry for double post-had one in product conversations in General Discussions
