I have a web app for which I'm trying to disable versions of TLS that are older than 1.2. ie: I do not want to support TLS 1.0 or 1.1.
1) I've set the below in Azure Portal.
2) I created a simple webpage and uploaded it.
3) In IE Internet Options I disabled all TLS
4) I try to load the simple webpage and I correctly get the right error message.
5) I enable TLS 1.0 only, refresh the webpage and it still works (I've tried this from multiple systems to avoid caching issues). This shouldn't work as TLS 1.2 is still disabled.
I've tried googling the error and only found How to know if an Azure Server is under TLS 1.2 which doesn't work. Has anyone got this working?
I enable TLS 1.0 only, refresh the webpage and it still works (I've tried this from multiple systems to avoid caching issues). This shouldn't work as TLS 1.2 is still disabled.
We could get App Service Team's reply from this blog. It will work soon.
This will only launch toward the middle of May, due to the discovery of a breaking change this has the potential of causing.
Related
I have a particularly knarly IE11 bug that appears to be caused by HTTP/2. At present the only evidence I have is that if Fiddler is intercepting (therefore forcing HTTP/1.1) the bug goes away.
In order to isolate it I really need to turn off HTTP/2 in IE11.
I've disabled HTTP/2 in Internet Options and rebooted the computer but IE11 stubbornly carries on using HTTP/2.
Does anyone who what this setting actually does?
Does anyone know how to disable HTTP/2 in IE11?
It’s a design change of Wininet component which enabled HTTP2 by default for AppContainer and LowIL processes. As we know , most of IE content process (internet and restricted zone) run as Low integrity level.
So we have two workaround:
1. Disable LCIE;
2. Add the specified URL to trust site zone or intranet zone.
Website is not loading on Safari browser with SSL. Site is running on https (SSL) layer. Please refer attached screenshot to know more.
click here to see screenshot
P.S. I am using Windows 10 & SSL purchased from Godaddy
Safari refuses to connect to servers that don't match the minimum security requirements defined by Apple.
For example and example.
It will be necessary to contact the administrator of the server to be compliant with the standards or you can try a different browser (try IE, it never complains).
Several users have emailed us to report that they cannot access our site using Firefox because we're using SSLv3. The problem is, we discontinued support for SSLv3 a while ago. I've tested our site using the Qualys SSL Labs scanner and the report says we don't support SSLv3. I've also tried initiating a handshake from the command line using SSLv3 and it returns the correct error.
Has anybody dealt with this? Could anybody guess what's going on here? It's driving me nuts. I've tried restarting our servers, changing what ciphers we support (not protocols-- we only support TLSv1), promoting new servers to master via keepalived, and more. Users continue to complain that Firefox won't let them access our site.
Our web application uses Windows Integrated Authentication (aka NTLM Auth) for security.
It's working fine for both IE and Firefox users, but Safari users are seeing intermittent problems. Browsing the site will work fine, but every once in a while there will be problems loading elements of a page (e.g. CSS or JS files). Reload and the problem will go away.
If we use a debugging proxy (Fiddler) we can see that there is a lot of extra 401 requests happening with Safari. Every once in a while a request for a resource will get stuck in a 401 request loop, and eventually fail.
I can't see anything that we're doing to cause this, and it would appear that it's a bug in Safari. Has anyone ran across this issue before, and have any suggestions for a resolution?
Thanks,
Darren.
Some web sites http://www.musteat.org/nodes/show/151 indicate this is an issue with negotiated authentication.
You can turn off Negotiate in favor of pure NTLM in IIS via the NTAuthenticationProviders Metabase setting, and the following ADSUTIL command.
cscript adsutil.vbs set w3svc/WebSite/<SiteID>/NTAuthenticationProviders "NTLM"
Change < SiteID > to the appropriate ID, typically 1.
I have an Intranet http application running on several machines in our Windows domain; everything works when using IE 7 because I can configure it to use Kerberos authentication and I've figured out how to get one of the intermediate machines to be Trusted for Delegation.
I have researched and tried to get Firefox 3.0.10 to use Kerberos:
navigate to about:config
filter to network.negotiate
update network.negotiate-auth.delegation-uris and network.negotiate-auth.trusted-uris
with the following entries(separated by comma): http://jupiter2000/trimbrokerclient,http://johnxp/fileservicedemo
I have done this and even restarted Firefox and when I browse to the above sites on our LAN, I still get prompted for username and password and even when I supply them and the web page is loaded, I have some code in the app which displays the authentication method in effect and it is still NTLM, not Kerberos as when IE is used.
Can someone comment on how to get Firefox usable on this Intranet application of mine? Thank you.
p.s. while the names above are different, the app is the same. JUPITER2000 is IIS 6.0; JOHNXP is IIS 5.1.
From what I have done myself, you will only want to input the domain, and not the http:// or path.
There are 5 settings that need to be changed in FireFox.
Only the domain is necessary.
See them all here:
FireFox settings for Integrated Windows Authentication
you must use just the server name:
jupiter2000,johnxp