服务器 Gind.cn
  1. 服务器 Gind.cn
  3. 如何禁用TLS 1.0而不破坏我的IIS / ASP.NET网站?
Intereting Posts
在networking凭据下运行的Windows服务不会自动启动 Shorewall多个传出的IP分配 为什么不是这个nginx重写工作? 通过PPTP VPN路由stream量 我如何允许用户从Web界面重置他们的Linux用户密码? 恢复没有configuration文件的amanda备份 如何在MS Exchange 2010上应用DNSBL? WDS错误:Windows无法安装所需的文件。 确保安装所需的所有文件都可用,然后重新开始安装 我能否阻止exportfs破坏ZFS sharenfs的导出? Windows 2008 DFS问题 – 文件消失 SVN签出到samba目录 我如何设置我的本地Nginx服务器,以便我可以编辑这些文件? 备份MySQL用户和权限 如何重置此开关,以便我可以使用它? 无法在Windows Server 2008中打开事件查看器?

如何禁用TLS 1.0而不破坏我的IIS / ASP.NET网站?

我们正在运行Windows Server 2008 R2。 一段时间以来,TLS 1.0已经不兼容PCI,通过Windowsregistry禁用它很容易。 但是,过去禁用TLS 1.0给我们带来了两个问题:

  1. 通过远程桌面连接到服务器是不可能的。
  2. 我们的IIS 6.1网站变得不可用。

问题#1已经修复了MS修补程序KB3080079 ,但是我们的网站在TLS 1.0被禁用后仍会崩溃。 禁用TLS 1.0时,我需要做些什么来保持ASP.NET的快乐,以及网站在线?

以下是错误消息,只有在registry中禁用TLS 1.0并且服务器重新启动后才会出现此错误消息: 

Server Error in '/' Application. The system cannot find the file specified Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code. Exception Details: System.ComponentModel.Win32Exception: The system cannot find the file specified Source Error: An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below. Stack Trace: [Win32Exception (0x80004005): The system cannot find the file specified] [SqlException (0x80131904): A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: Named Pipes Provider, error: 40 - Could not open a connection to SQL Server)] System.Data.SqlClient.SqlInternalConnection.OnError(SqlException exception, Boolean breakConnection, Action`1 wrapCloseInAction) +6749670 System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj, Boolean callerHasConnectionLock, Boolean asyncClose) +815 System.Data.SqlClient.TdsParser.Connect(ServerInfo serverInfo, SqlInternalConnectionTds connHandler, Boolean ignoreSniOpenTimeout, Int64 timerExpire, Boolean encrypt, Boolean trustServerCert, Boolean integratedSecurity, Boolean withFailover) +6775368 System.Data.SqlClient.SqlInternalConnectionTds.AttemptOneLogin(ServerInfo serverInfo, String newPassword, SecureString newSecurePassword, Boolean ignoreSniOpenTimeout, TimeoutTimer timeout, Boolean withFailover) +219 System.Data.SqlClient.SqlInternalConnectionTds.LoginNoFailover(ServerInfo serverInfo, String newPassword, SecureString newSecurePassword, Boolean redirectedUserInstance, SqlConnectionString connectionOptions, SqlCredential credential, TimeoutTimer timeout) +6777754 System.Data.SqlClient.SqlInternalConnectionTds.OpenLoginEnlist(TimeoutTimer timeout, SqlConnectionString connectionOptions, SqlCredential credential, String newPassword, SecureString newSecurePassword, Boolean redirectedUserInstance) +6778255 System.Data.SqlClient.SqlInternalConnectionTds..ctor(DbConnectionPoolIdentity identity, SqlConnectionString connectionOptions, SqlCredential credential, Object providerInfo, String newPassword, SecureString newSecurePassword, Boolean redirectedUserInstance, SqlConnectionString userConnectionOptions, SessionData reconnectSessionData) +878 System.Data.SqlClient.SqlConnectionFactory.CreateConnection(DbConnectionOptions options, DbConnectionPoolKey poolKey, Object poolGroupProviderInfo, DbConnectionPool pool, DbConnection owningConnection, DbConnectionOptions userOptions) +1162 System.Data.ProviderBase.DbConnectionFactory.CreatePooledConnection(DbConnectionPool pool, DbConnection owningObject, DbConnectionOptions options, DbConnectionPoolKey poolKey, DbConnectionOptions userOptions) +72 System.Data.ProviderBase.DbConnectionPool.CreateObject(DbConnection owningObject, DbConnectionOptions userOptions, DbConnectionInternal oldConnection) +6781425 System.Data.ProviderBase.DbConnectionPool.UserCreateRequest(DbConnection owningObject, DbConnectionOptions userOptions, DbConnectionInternal oldConnection) +103 System.Data.ProviderBase.DbConnectionPool.TryGetConnection(DbConnection owningObject, UInt32 waitForMultipleObjectsTimeout, Boolean allowCreate, Boolean onlyOneCheckConnection, DbConnectionOptions userOptions, DbConnectionInternal& connection) +2105 System.Data.ProviderBase.DbConnectionPool.TryGetConnection(DbConnection owningObject, TaskCompletionSource`1 retry, DbConnectionOptions userOptions, DbConnectionInternal& connection) +116 System.Data.ProviderBase.DbConnectionFactory.TryGetConnection(DbConnection owningConnection, TaskCompletionSource`1 retry, DbConnectionOptions userOptions, DbConnectionInternal oldConnection, DbConnectionInternal& connection) +1089 System.Data.ProviderBase.DbConnectionInternal.TryOpenConnectionInternal(DbConnection outerConnection, DbConnectionFactory connectionFactory, TaskCompletionSource`1 retry, DbConnectionOptions userOptions) +6785863 System.Data.SqlClient.SqlConnection.TryOpenInner(TaskCompletionSource`1 retry) +233 System.Data.SqlClient.SqlConnection.TryOpen(TaskCompletionSource`1 retry) +278 System.Data.SqlClient.SqlConnection.Open() +239 System.Data.Common.DbDataAdapter.FillInternal(DataSet dataset, DataTable[] datatables, Int32 startRecord, Int32 maxRecords, String srcTable, IDbCommand command, CommandBehavior behavior) +292 System.Data.Common.DbDataAdapter.Fill(DataTable[] dataTables, Int32 startRecord, Int32 maxRecords, IDbCommand command, CommandBehavior behavior) +487 System.Data.Common.DbDataAdapter.Fill(DataTable dataTable) +296 FitTrack.Objects.Helper.Utilities.GetDataTableForQuery(String sql, Hashtable paramList, Boolean isStoredProc) +1002 FitTrack.Objects.Helper.Utilities.GetDataTableForQuery(String sql, Hashtable paramList) +63 FitTrack.Objects.Base.FitTrackPage.GetFitTrackPage(String pageName) +197 FitTrack.Objects.Base.FitTrackBase.Authenticate(Boolean redirect, Boolean isloginpage, Boolean checkreg, Boolean isPayrollReport) +659 FitTrack.Default.Page_PreInit(Object sender, EventArgs e) +68 System.Web.UI.Page.PerformPreInit() +49 System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +1844 Version Information: Microsoft .NET Framework Version:4.0.30319; ASP.NET Version:4.0.30319.34280

注意:TLS 1.1和1.2是在registry中手动启用的。

我想我已经发现,当TLS 1.0被禁用时,SQL Server实际上是问题的原因。 (这崩溃了我们所有的网站。)有一个这样的修复: https : //support.microsoft.com/en-us/kb/3135244

在禁用TLS 1.0之前,我们必须configuration.NET以使用更强大的协议,以避免IIS中出现System.InvalidOperationExceptionexception。 

 REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v2.0.50727" /v SchUseStrongCrypto /t REG_DWORD /d 1 /f REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319" /v SchUseStrongCrypto /t REG_DWORD /d 1 /f REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v2.0.50727" /v SchUseStrongCrypto /t REG_DWORD /d 1 /f REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319" /v SchUseStrongCrypto /t REG_DWORD /d 1 /f