This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject

→ 🚀Are you a Lansweeper Champion?! Join our Contributor Program Sign up here!

Community FAQ
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Can TLS 1.0 and older ciphers be disabled on web server?

dshu
Engaged Sweeper III

‎04-15-2019 12:33 PM

Had a quick look on the knowledgebase to see if there was an existing article but a few search terms returned no results.

I'm trying to ascertain if it's OK to harden my Lansweeper web server to no longer use dated ciphers and TLS 1.0 - could someone confirm? I believe disabling TLS 1.0 was causing warranty checking issues a few years back.

Thanks in advance.
Labels:
0 Kudos
8 REPLIES 8
JacobH
Champion Sweeper III

‎04-16-2019 03:21 PM

I mean I know that doesn't really answer your question - but I figure if you're concerned with security/TLS , you would be concerned with being on Win2k8 in general...

https://www.lansweeper.com/knowledgebase/move-lansweeper-to-different-server/


0 Kudos
JacobH
Champion Sweeper III

‎04-16-2019 03:13 PM

can you migrate to a modern windows OS? that's what I would do in your case... LS makes it easy

then you can kill two birds with one stone.
0 Kudos
dshu
Engaged Sweeper III

‎04-16-2019 11:31 AM

Thanks both for the feedback, I'll get this done today.
0 Kudos
dshu
Engaged Sweeper III
In response to dshu

‎04-16-2019 12:47 PM

dshu wrote:
Thanks both for the feedback, I'll get this done today.


Quick update: this broke our install on a Win Server 2008 R2 deployment, when disabling TLS 1.0 using IIS Crypto to harden the box. I've reeanbled TLS1.0 via IIS Crypto and we can once again access.
0 Kudos
JSchlackman
Engaged Sweeper III

‎04-15-2019 09:55 PM

I completed this for all servers in our environment recently. I can confirm that disabling TLS 1.0 caused no issues.

If you want to go one step further and also disable TLS 1.1 (we did), you will need to make sure you add the registry settings to tell .NET Framework to use TLS 1.2, as it currently won't do so by default. See this Microsoft documentation for the keys to set (there's even a .reg file example): https://docs.microsoft.com/en-us/dotnet/framework/network-programming/tls#for-net-framework-35---452-and-not-wcf
0 Kudos
Noobmode
Engaged Sweeper III
In response to JSchlackman

‎04-18-2019 03:22 PM

JSchlackman wrote:
I completed this for all servers in our environment recently. I can confirm that disabling TLS 1.0 caused no issues.

If you want to go one step further and also disable TLS 1.1 (we did), you will need to make sure you add the registry settings to tell .NET Framework to use TLS 1.2, as it currently won't do so by default. See this Microsoft documentation for the keys to set (there's even a .reg file example): https://docs.microsoft.com/en-us/dotnet/framework/network-programming/tls#for-net-framework-35---452-and-not-wcf


I personally found this to be a good resource for the registry keys. Even though it states Exchange, it should work for any .net installation. The page includes 4.X and 3.5 keys

https://blogs.technet.microsoft.com/exchange/2018/04/02/exchange-server-tls-guidance-part-2-enabling-tls-1-2-and-identifying-clients-not-using-it/
0 Kudos
JSchlackman
Engaged Sweeper III
In response to Noobmode

‎04-19-2019 02:56 PM

Noobmode wrote:

I personally found this to be a good resource for the registry keys. Even though it states Exchange, it should work for any .net installation. The page includes 4.X and 3.5 keys

https://blogs.technet.microsoft.com/exchange/2018/04/02/exchange-server-tls-guidance-part-2-enabling-tls-1-2-and-identifying-clients-not-using-it/


I also used that page at first, but it does not mention the SchUseStrongCrypto key that is needed for some applications to work when you disable TLS 1.1 (Lansweeper included).
0 Kudos
Esben_D
Lansweeper Employee
Lansweeper Employee

‎04-15-2019 01:52 PM

If you're on version 6.0.230.46 or higher, everything should work with TLS 1.0 disabled.
0 Kudos

General Discussions

Find answers to technical questions about Lansweeper.

New to Lansweeper?

Try Lansweeper For Free

Experience Lansweeper with your own data.
Sign up now for a 14-day free trial.

Try Now