我们最近将Java版本升级到JDK 1.8.0_141,这迫使我们的Java客户端使用TLS 1.2,我们在.Net 2.0上运行了Windows Server 2008 SP2个网络服务仅限SSL V3和TLS 1.0
OS Name: Microsoft Windows Server 2008 Standard
OS Version: 6.0.6002 Service Pack 2 Build 6002
所以我已经从KB下方应用了补丁(Update for Windows Server 2008 (KB4019276))来启用TLS 1.1和TLS 1.2
并在注册表项下添加
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\TLS 1.1]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\TLS 1.1\Client]
"Enabled"=dword:00000001
"DisabledByDefault"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\TLS 1.1\Server]
"Enabled"=dword:00000001
"DisabledByDefault"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\TLS 1.2]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\TLS 1.2\Client]
"Enabled"=dword:00000001
"DisabledByDefault"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\TLS 1.2\Server]
"Enabled"=dword:00000001
"DisabledByDefault"=dword:00000000
然后重新启动了该框,但仍然.Net 2.0网络服务不支持
TLS 1.2但支持TLS 1.1。使用TestSSLServer(www.bolet.org/TestSSLServer /)
TestSSLServer2.exe validation-service 443
Connection: validation-service:443
SNI: validation-service
SSLv3:
server selection: enforce server preferences
3-- (key: RSA) RSA_WITH_RC4_128_SHA
3-- (key: RSA) RSA_WITH_3DES_EDE_CBC_SHA
3-- (key: RSA) RSA_WITH_RC4_128_MD5
TLSv1.0:
server selection: enforce server preferences
3-- (key: RSA) RSA_WITH_AES_128_CBC_SHA
3-- (key: RSA) RSA_WITH_AES_256_CBC_SHA
3-- (key: RSA) RSA_WITH_RC4_128_SHA
3-- (key: RSA) RSA_WITH_3DES_EDE_CBC_SHA
3-- (key: RSA) RSA_WITH_RC4_128_MD5
TLSv1.1: idem
启用TLS 1.2是否需要更改配置?或者我是否需要应用任何其他KB补丁?