stackoom
  简体   繁体   中英

Turn on TLS 1.0, TLS 1.1, TLS 1.2 ... Asp.NET IIS 10.0

 原文  2018-02-26 17:59:50       c#/ asp.net/ asp.net-mvc/ ssl/ tls1.2

Question

For months, my web application worked just fine on different versions of IE/Firefox/Chrome. My application is running on IIS 10.0. When I hit the application from a Windows 7 box (IE 11.0.***) everything works fine. When I hit the application from Windows 10 box (IE 11.2007.14393.0), it just started giving me this error (was working last week):

This page can't be displayed Turn on TLS 1.0, TLS 1.1, and TLS 1.2 in Advanced settings and try connecting to https:// again. If this error persists, it is possible that this site uses an unsupported protocol or cipher suite such as RC4 (link for the details), which is not considered secure. Please contact your site administrator.

I have looked this up from many sites and have tried multiple things. Ensured TLS settings, setup Registry on Server to allow TLS, etc. As far as I can tell, there were no updates when this occurred. This is an Asp.NET MVC application targeting DNX Core 1 - rc1. I did not push any updates to the server when it stopped working.

On a Windows 7 box, I show in Firefox that it is using TLS 1.2 for this site (and works fine!)

What could be going on here? I'm out of options to try.

4 answers

solution1
 6  2019-08-02 13:42:19

Morning, a year and a half later.
I just wanted to share my experience (and solution) with this problem. I'm sure there are many reasons for this happening however one thing that i have consistently noticed is the following: Go into iis manager and select the web site that is causing problems ('Default Web Site' in my case) In the Actions pane on the right under 'Edit Site' click on 'Bindings...' Select the https binding and click 'Edit...' on the right Toggle the 'SSL certificate' selection and click ok If you see an error such as the following: 'There was an error while performing this operation. Details: A specified logon session does not exist. It may already have been terminated. (Exception from HRESULT: 0x80070520)' What seems to have happened is the certificate has become corrupt for some reason.
The only thing that I've been able to do to remediate this issue is to remove the certificate from the server using mmc.exe and the certificates add-in (Console Root\\Certificates (Local Computer)\\Personal\\Certificates\\) and re add it in the same location. The TLS error goes away on the web page.

solution2
 0  2021-07-20 16:39:58

I struggled with this on a separate issue I was having for over a year with trying to access a web service from some code on my computer. The specific web service was the FEMA web mapping service here:

https://hazards.fema.gov/gis/nfhl/services/public/NFHLWMS/MapServer/WMSServer?request=GetCapabilities&service=WMS

I tried checking all the TLS check boxes in the internet options and tried setting some registry entries and other things recommended on some Microsoft and other web sites and I was still not able to access the service. Finally, I came across the suggestion to reset the internet explorer settings as is suggested here:

https://theohbrothers.com/fix-internet-explorer-11-error-this-page-cant-be-displayed-turn-on-tls-1-0-tls-1-1-and-tls-1-2-in-advanced-settings/

This fixed my problem and I was able to access the web site.

So here are the specific steps you can try if you're having this problem:

  1. From Internet Explorer, go to Tools > Internet Options > Advanced, under Reset Internet Explorer settings, click on Reset. Or you can just type in internet options in the Windows start search menu to get here. In the Reset Internet Explorer settings window, check the box 'Delete personal settings', and click on Reset.

  2. Once done, restart IE11 and try going to the blocked web site. Things should work now.

Actually, after further investigation and as described at the top of this web page , the above solution did not solve my problem. I think the only solution for me may be to upgrade from Windows 7 to Windows 10.

solution3
 0  2021-07-26 10:45:58

Check the "key usage" attribute of the certificate bound to website. It needs to be Key Encipherment, Data Encipherment. "Enhanced key usage" attribute needs to be server authentication.

网站证书

solution4
 -1  2021-08-19 11:07:02

Since I faced this problem, I have tried my things. Import/export certificates, enable/disable Ssl 2.0, Ssl 3.0, TLS 1.1, TLS 1.2 etc. Nothing solved my problem. (In windows Server 2012). The following workaround solved the problem. In registry editor, navigate HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\Protocols\\TLS 1.0\\Client and change the values as follows: "DisabledByDefault"=dword:00000000 "Enabled":dword:00000001

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question The client and server cannot communicate, because they do not possess a common algorithm - ASP.NET C# IIS TLS 1.0 / 1.1 / 1.2 - Win32Exception ASP.NET application calling TLS 1.0 and TLS 1.2 web services Tls 1.2 OR Tls 1.0 with .net framework 4.0 Is TLS 1.1 and TLS 1.2 enabled by default for .NET 4.5 and .NET 4.5.1? Use TLS 1.1 or 1.2 in WCF and .NET 4.0? ASP NET Core Web API disable TLS 1.0 and TLS 1.1 support How to use TLS 1.2 in ASP.NET Core 2.0 How to implement TLS 1.2 in ASP.Net Core 2.0 ASP.Net MVC application Defaults to TLS 1.0 Need to enable TLS1.2 in server environment and disable TLS1.0 & 1.1
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM