Home > ADX, Misc > Obsolete Secure Communications Protocol Supported – InfoSec – Fix

Obsolete Secure Communications Protocol Supported – InfoSec – Fix

Last week our web application (i.e., ADX portal website) underwent Penetration testing (Also called ‘Ethical hacking’) and we got following recommendation:

Disable all affected protocols identified above. If possible, implement TLSv1.3, or TLSv1.2 otherwise.

Reason:

  • In our application’s web server (IIS), TLSv1.0 and TLSv1.1 communication protocols were enabled.
  • TLSv1.0 and TLSv1.1 were deprecated in major browsers as of Q1 2019 and will be disabled completely in early 2020.

Fix:

  • We’ve used IIS Crypto tool to disable TLSv1.0 and TLSv1.1 protocols.
  • IIS Crypto is a free tool that gives administrators the ability to enable or disable protocols, ciphers, hashes and key exchange algorithms on Windows Servers.
  • Download the IIS Crypto GUI tool in your windows server where your application is hosted.

IIS Crypto_1

  • Open the tool and un-check TLSv1.0 and TLSv1.1 options.

IIS Crypto

  • You must restart the server for changes to take effect.

🙂

 

Categories: ADX, Misc Tags: , ,
  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: