
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎04-15-2019 12:33 PM
Had a quick look on the knowledgebase to see if there was an existing article but a few search terms returned no results.
I'm trying to ascertain if it's OK to harden my Lansweeper web server to no longer use dated ciphers and TLS 1.0 - could someone confirm? I believe disabling TLS 1.0 was causing warranty checking issues a few years back.
Thanks in advance.
I'm trying to ascertain if it's OK to harden my Lansweeper web server to no longer use dated ciphers and TLS 1.0 - could someone confirm? I believe disabling TLS 1.0 was causing warranty checking issues a few years back.
Thanks in advance.
Labels:
- Labels:
-
General Discussion
8 REPLIES 8

Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎04-16-2019 03:21 PM
I mean I know that doesn't really answer your question - but I figure if you're concerned with security/TLS , you would be concerned with being on Win2k8 in general...
https://www.lansweeper.com/knowledgebase/move-lansweeper-to-different-server/
https://www.lansweeper.com/knowledgebase/move-lansweeper-to-different-server/

Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎04-16-2019 03:13 PM
can you migrate to a modern windows OS? that's what I would do in your case... LS makes it easy
then you can kill two birds with one stone.
then you can kill two birds with one stone.

Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎04-16-2019 11:31 AM
Thanks both for the feedback, I'll get this done today.

Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎04-16-2019 12:47 PM
dshu wrote:
Thanks both for the feedback, I'll get this done today.
Quick update: this broke our install on a Win Server 2008 R2 deployment, when disabling TLS 1.0 using IIS Crypto to harden the box. I've reeanbled TLS1.0 via IIS Crypto and we can once again access.

Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎04-15-2019 09:55 PM
I completed this for all servers in our environment recently. I can confirm that disabling TLS 1.0 caused no issues.
If you want to go one step further and also disable TLS 1.1 (we did), you will need to make sure you add the registry settings to tell .NET Framework to use TLS 1.2, as it currently won't do so by default. See this Microsoft documentation for the keys to set (there's even a .reg file example): https://docs.microsoft.com/en-us/dotnet/framework/network-programming/tls#for-net-framework-35---452-and-not-wcf
If you want to go one step further and also disable TLS 1.1 (we did), you will need to make sure you add the registry settings to tell .NET Framework to use TLS 1.2, as it currently won't do so by default. See this Microsoft documentation for the keys to set (there's even a .reg file example): https://docs.microsoft.com/en-us/dotnet/framework/network-programming/tls#for-net-framework-35---452-and-not-wcf

Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎04-18-2019 03:22 PM
JSchlackman wrote:
I completed this for all servers in our environment recently. I can confirm that disabling TLS 1.0 caused no issues.
If you want to go one step further and also disable TLS 1.1 (we did), you will need to make sure you add the registry settings to tell .NET Framework to use TLS 1.2, as it currently won't do so by default. See this Microsoft documentation for the keys to set (there's even a .reg file example): https://docs.microsoft.com/en-us/dotnet/framework/network-programming/tls#for-net-framework-35---452-and-not-wcf
I personally found this to be a good resource for the registry keys. Even though it states Exchange, it should work for any .net installation. The page includes 4.X and 3.5 keys
https://blogs.technet.microsoft.com/exchange/2018/04/02/exchange-server-tls-guidance-part-2-enabling-tls-1-2-and-identifying-clients-not-using-it/

Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎04-19-2019 02:56 PM
Noobmode wrote:
I personally found this to be a good resource for the registry keys. Even though it states Exchange, it should work for any .net installation. The page includes 4.X and 3.5 keys
https://blogs.technet.microsoft.com/exchange/2018/04/02/exchange-server-tls-guidance-part-2-enabling-tls-1-2-and-identifying-clients-not-using-it/
I also used that page at first, but it does not mention the SchUseStrongCrypto key that is needed for some applications to work when you disable TLS 1.1 (Lansweeper included).

Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎04-15-2019 01:52 PM
If you're on version 6.0.230.46 or higher, everything should work with TLS 1.0 disabled.
