Ping a Specific Port

Question

Doug

Asked: 2016-02-14 15:23:27 +0800 CST2016-02-14 15:23:27 +0800 CST 2016-02-14 15:23:27 +0800 CST

WebDeploy 3.6 won't connect with TLS 1.0 disabled

772

Recently I had my servers audited for PCI compliance.

As part of this I was picked up for not having TLS 1.0 disabled as per:

http://blog.varonis.com/ssl-and-tls-1-0-no-longer-acceptable-for-pci-compliance/

https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1_Summary_of_Changes.pdf

When I disable TLS 1.0 using IISCrypto Web Deploy breaks.

Has anyone found a WebDeploy 3.6 fix for using WebDeploy without TLS 1.0?

1 Answers

Voted

Duane F · Answer 1 · 2016-03-14T14:17:23+08:00

Duane F

2016-03-14T14:17:23+08:002016-03-14T14:17:23+08:00

We added registry keys to force the .NET app pool over to TLS 1.2. This was to allow an app to talk to Salesforce after SF issued a critical update disabling TLS 1.0. The registry keys apply to the whole server as opposed to a single site, unfortunately. The build broke for the reason you indicate above. This worked for us:

Getting WebDeploy working after disabling insecure Ciphers like SSL 3.0 and TLS 1.0

Excerpt:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319] "SchUseStrongCrypto"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319] "SchUseStrongCrypto"=dword:00000001

6

WebDeploy 3.6 won't connect with TLS 1.0 disabled

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?