
I have a legacy product in our inventory that is running on Server 2003, Standard edition. It is due to be refactored to run on a more modern platform; however, this will not happen before Q3 of this year.

It is pinging on our security scans due to the outward-facing website and vulnerable protocols and ciphers. I used IISCrypto to disable SSL 2.0, 3.0 and the RC4 ciphers. When it failed on the TLS 1.0, I disabled that, which promptly broke HTTPS connections to the site.

Is there a way to disable TLS 1.0 and still keep HTTPS connection on Server 2003 Standard?

JohnP
  • Possible duplicate of [Does Windows 2003 support TLS 1.1 and 1.2?](https://serverfault.com/questions/793280/does-windows-2003-support-tls-1-1-and-1-2) Found after my answer... – Lenniey Feb 08 '19 at 14:26

1 Answer

You are out of luck, as Server 2003 does not natively support TLS > 1.0. TLS Versions Server 2003

Lenniey
  • That's what I was afraid of, after researching it for a bit. Was hoping the gurus knew of a way, but alas. Thanks for the reference. – JohnP Feb 08 '19 at 14:37
  • Your application can use whatever version you like, but the underlying service needs to support it as well. If you run on IIS 2003 or something, you can't do anything about it. – Lenniey Feb 08 '19 at 14:39
  • IIS 6.0 with Citrix metaframe components. Boo. – JohnP Feb 08 '19 at 15:37
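
The thread's outcome can be checked before a change is applied. The following is an added example, not code from the question or the answer: it reads a registry export of the Schannel `Protocols` keys (the settings IISCrypto edits) and reports which server-side protocols remain usable on Server 2003. The function names, the constructed sample exports and the rule that a protocol with no `Enabled` value stays on are assumptions of this example.

```python
import re

# Protocols Schannel on Server 2003 can offer; per the answer above,
# nothing newer than TLS 1.0 is natively supported.
OS_SUPPORTED = ("SSL 2.0", "SSL 3.0", "TLS 1.0")
BASE = (r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control"
        r"\SecurityProviders\SCHANNEL\Protocols")
KEY_RE = re.compile(r"^\[" + re.escape(BASE) + r"\\([^\\\]]+)\\Server\]$", re.I)
VAL_RE = re.compile(r'^"Enabled"=dword:([0-9a-f]{8})$', re.I)

def make_export(settings):
    """Constructed sample data: render {protocol: dword} as .reg export text."""
    out = ["Windows Registry Editor Version 5.00", ""]
    for proto, dword in settings.items():
        out += ["[%s\\%s\\Server]" % (BASE, proto),
                '"Enabled"=dword:%08x' % dword, ""]
    return "\n".join(out)

def server_protocol_flags(reg_text):
    """Map protocol name -> True/False for each ...\\<protocol>\\Server key."""
    flags, current = {}, None
    for line in (l.strip() for l in reg_text.splitlines()):
        if line.startswith("["):
            m = KEY_RE.match(line)
            current = m.group(1).upper() if m else None
        elif current and VAL_RE.match(line):
            flags[current] = int(VAL_RE.match(line).group(1), 16) != 0
    return flags

def assess(reg_text):
    flags = server_protocol_flags(reg_text)
    # Assumption: a protocol with no explicit Enabled value stays on (OS default).
    usable = [p for p in OS_SUPPORTED if flags.get(p, True)]
    # Keys for versions this OS cannot speak change nothing on the wire.
    no_effect = sorted(p for p in flags if p not in OS_SUPPORTED)
    return {"usable": usable, "https_possible": bool(usable), "no_effect": no_effect}

if __name__ == "__main__":
    hardened = {"SSL 2.0": 0, "SSL 3.0": 0, "TLS 1.0": 0,
                "TLS 1.1": 0xFFFFFFFF, "TLS 1.2": 0xFFFFFFFF}
    print(assess(make_export(hardened)))
    print(assess(make_export({"SSL 2.0": 0, "SSL 3.0": 0})))
```

The first case reproduces the breakage described in the question: with TLS 1.0 off, no usable protocol is left, and the TLS 1.1 and 1.2 keys do not compensate.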