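【Question title】: Disabling TLS 1.0 on Win2008 R2 breaks our IIS websites
【Posted】: 2016-09-01 02:41:03
【Question】:

I hope this is the right forum; I first posted this on Stack's Super User, but it was immediately downvoted without any explanation. Then I tried Stack's Network Engineering site, but my tags didn't exist there... so now I'm trying here. I'll happily move it to the right forum once I know which one that is.

We are running Windows Server 2008 R2. TLS 1.0 has not been PCI compliant for some time, and disabling it through the Windows registry is easy. However, in the past, disabling TLS 1.0 has caused us two problems:

  1. Unable to connect to the server via Remote Desktop.
  2. Our IIS 6.1 websites become unavailable.

Problem #1 was fixed by MS patch KB3080079, but our websites still go offline as soon as TLS 1.0 is disabled. What do I need to do to keep IIS and the websites online and working while TLS 1.0 is disabled?

Here is the error message, which only appears when TLS 1.0 is disabled in the registry and after the server has been restarted: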

Server Error in '/' Application.
The system cannot find the file specified
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code. 

Exception Details: System.ComponentModel.Win32Exception: The system cannot find the file specified

Source Error: An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

Stack Trace: [Win32Exception (0x80004005): The system cannot find the file specified]

[SqlException (0x80131904): A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: Named Pipes Provider, error: 40 - Could not open a connection to SQL Server)]
   System.Data.SqlClient.SqlInternalConnection.OnError(SqlException exception, Boolean breakConnection, Action`1 wrapCloseInAction) +6749670
   System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj, Boolean callerHasConnectionLock, Boolean asyncClose) +815
   System.Data.SqlClient.TdsParser.Connect(ServerInfo serverInfo, SqlInternalConnectionTds connHandler, Boolean ignoreSniOpenTimeout, Int64 timerExpire, Boolean encrypt, Boolean trustServerCert, Boolean integratedSecurity, Boolean withFailover) +6775368
   System.Data.SqlClient.SqlInternalConnectionTds.AttemptOneLogin(ServerInfo serverInfo, String newPassword, SecureString newSecurePassword, Boolean ignoreSniOpenTimeout, TimeoutTimer timeout, Boolean withFailover) +219
   System.Data.SqlClient.SqlInternalConnectionTds.LoginNoFailover(ServerInfo serverInfo, String newPassword, SecureString newSecurePassword, Boolean redirectedUserInstance, SqlConnectionString connectionOptions, SqlCredential credential, TimeoutTimer timeout) +6777754
   System.Data.SqlClient.SqlInternalConnectionTds.OpenLoginEnlist(TimeoutTimer timeout, SqlConnectionString connectionOptions, SqlCredential credential, String newPassword, SecureString newSecurePassword, Boolean redirectedUserInstance) +6778255
   System.Data.SqlClient.SqlInternalConnectionTds..ctor(DbConnectionPoolIdentity identity, SqlConnectionString connectionOptions, SqlCredential credential, Object providerInfo, String newPassword, SecureString newSecurePassword, Boolean redirectedUserInstance, SqlConnectionString userConnectionOptions, SessionData reconnectSessionData) +878
   System.Data.SqlClient.SqlConnectionFactory.CreateConnection(DbConnectionOptions options, DbConnectionPoolKey poolKey, Object poolGroupProviderInfo, DbConnectionPool pool, DbConnection owningConnection, DbConnectionOptions userOptions) +1162
   System.Data.ProviderBase.DbConnectionFactory.CreatePooledConnection(DbConnectionPool pool, DbConnection owningObject, DbConnectionOptions options, DbConnectionPoolKey poolKey, DbConnectionOptions userOptions) +72
   System.Data.ProviderBase.DbConnectionPool.CreateObject(DbConnection owningObject, DbConnectionOptions userOptions, DbConnectionInternal oldConnection) +6781425
   System.Data.ProviderBase.DbConnectionPool.UserCreateRequest(DbConnection owningObject, DbConnectionOptions userOptions, DbConnectionInternal oldConnection) +103
   System.Data.ProviderBase.DbConnectionPool.TryGetConnection(DbConnection owningObject, UInt32 waitForMultipleObjectsTimeout, Boolean allowCreate, Boolean onlyOneCheckConnection, DbConnectionOptions userOptions, DbConnectionInternal& connection) +2105
   System.Data.ProviderBase.DbConnectionPool.TryGetConnection(DbConnection owningObject, TaskCompletionSource`1 retry, DbConnectionOptions userOptions, DbConnectionInternal& connection) +116
   System.Data.ProviderBase.DbConnectionFactory.TryGetConnection(DbConnection owningConnection, TaskCompletionSource`1 retry, DbConnectionOptions userOptions, DbConnectionInternal oldConnection, DbConnectionInternal& connection) +1089
   System.Data.ProviderBase.DbConnectionInternal.TryOpenConnectionInternal(DbConnection outerConnection, DbConnectionFactory connectionFactory, TaskCompletionSource`1 retry, DbConnectionOptions userOptions) +6785863
   System.Data.SqlClient.SqlConnection.TryOpenInner(TaskCompletionSource`1 retry) +233
   System.Data.SqlClient.SqlConnection.TryOpen(TaskCompletionSource`1 retry) +278
   System.Data.SqlClient.SqlConnection.Open() +239
   System.Data.Common.DbDataAdapter.FillInternal(DataSet dataset, DataTable[] datatables, Int32 startRecord, Int32 maxRecords, String srcTable, IDbCommand command, CommandBehavior behavior) +292
   System.Data.Common.DbDataAdapter.Fill(DataTable[] dataTables, Int32 startRecord, Int32 maxRecords, IDbCommand command, CommandBehavior behavior) +487
   System.Data.Common.DbDataAdapter.Fill(DataTable dataTable) +296
   FitTrack.Objects.Helper.Utilities.GetDataTableForQuery(String sql, Hashtable paramList, Boolean isStoredProc) +1002
   FitTrack.Objects.Helper.Utilities.GetDataTableForQuery(String sql, Hashtable paramList) +63
   FitTrack.Objects.Base.FitTrackPage.GetFitTrackPage(String pageName) +197
   FitTrack.Objects.Base.FitTrackBase.Authenticate(Boolean redirect, Boolean isloginpage, Boolean checkreg, Boolean isPayrollReport) +659
   FitTrack.Default.Page_PreInit(Object sender, EventArgs e) +68
   System.Web.UI.Page.PerformPreInit() +49
   System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +1844

Version Information: Microsoft .NET Framework Version:4.0.30319; ASP.NET Version:4.0.30319.34280

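Note: TLS 1.1 and 1.2 were manually enabled in the registry.

【Comments】:

  • How exactly did you disable TLS 1.0 and enable TLS 1.1/1.2 (I mean, which registry keys)? Try explicitly enabling TLS 1.1/1.2 as described here. On which servers/workstations are you using IIS 6.1?
  • I've done all of this before (Windows Server 2008 R2), but maybe I did something wrong. I also used the IISCrypto tool. I'll try again, but is there anything I need to do to IIS 6 so that my websites don't break after making this change? Should it just work automatically? Should I disable both TLS 1.0 and 1.1?
  • You write about IIS 6 or IIS 6.1, but you haven't posted any information about the operating system (with service pack) you use. On which servers/workstations are you using IIS 6.1/6.0? If you want to solve the problem, you shouldn't use any tool (like IISCrypto) as a black box; make all the changes manually instead. What changes did you make in the registry (did you set any DisabledByDefault and Enabled values in the Client and Server subkeys of the TLS 1.1 and TLS 1.0 keys under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols)?
  • Oleg, both the title and the original post state Windows Server 2008 R2.
  • It seems you currently only have a problem with SQL Server. Which version of SQL Server do you use? Have you installed the patches described here, here, and here?

Tags: iis-6 windows-server-2008 tls1.2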


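【Solution 1】:

I think I've found that SQL Server is actually the cause of the problem when TLS 1.0 is disabled. (This causes all our websites to crash.) There is a workaround: https://support.microsoft.com/en-us/kb/3135244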

【Discussion】:
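
The registry values asked about in the comments (Enabled and DisabledByDefault under the Client and Server subkeys of each protocol key) can be listed with a read-only audit like the one below. This is an added example, not code from the thread; the helper names Get-RegDword and Get-SchannelProtocolState are hypothetical.

```powershell
# Added example: read-only audit of the SCHANNEL protocol values named in the
# comments above. Nothing is written to the registry.
$SchannelBase = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'

function Get-RegDword {
    # Returns the named value, or $null when the key or the value is absent.
    param([string]$Path, [string]$Name)
    if (-not (Test-Path -LiteralPath $Path)) { return $null }
    $item = Get-ItemProperty -LiteralPath $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

# Hypothetical helper name; emits one row per protocol and role.
function Get-SchannelProtocolState {
    param(
        [string[]]$Protocol = @('TLS 1.0', 'TLS 1.1', 'TLS 1.2'),
        [string[]]$Role     = @('Client', 'Server')
    )
    foreach ($p in $Protocol) {
        foreach ($r in $Role) {
            $key     = "$SchannelBase\$p\$r"
            $enabled = Get-RegDword -Path $key -Name 'Enabled'
            $dbd     = Get-RegDword -Path $key -Name 'DisabledByDefault'

            # Enabled is often written as 0xFFFFFFFF, so test for non-zero
            # rather than for 1.
            if     ($null -eq $enabled) { $state = 'not set (OS default applies)' }
            elseif ($enabled -eq 0)     { $state = 'disabled' }
            else                        { $state = 'enabled' }

            New-Object PSObject -Property @{
                Protocol = $p; Role = $r; Enabled = $enabled
                DisabledByDefault = $dbd; State = $state
            } | Select-Object Protocol, Role, Enabled, DisabledByDefault, State
        }
    }
}

Get-SchannelProtocolState | Format-Table -AutoSize
```

Both roles are listed because the failing call in the stack trace is the web application opening a connection to SQL Server, not a browser reaching IIS.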
