Configure TLS version on IIS Express
Question
I've got a.Net 6 web api that uses optional certificate authentication. I'm struggling with my debugging setup.
By default, IIS Express doesn't appear to take the client certificate presented, so I edited the applicationhost.config file to include
<access sslFlags="Ssl, SslNegotiateCert" />
This means my testing using powershell to call the API with a client certificate works, however I've now lost the ability to access the Swagger page, getting a ERR_CONNECTION_RESET when try to connect with a browser.
I had a similar issue on IIS (full) and resolved it by disabling HTTP/2 & TLS1.3 - is it possible to configure such a thing in IIS Express?
1 answers
solution1
1 ACCPTED 2022-03-13 18:49:48
Well, I managed to figure it out, adapting information from https://learn.microsoft.com/en-us/windows-server/identity/ad-fs/operations/manage-ssl-protocols-in-ad-fs as a reference.
I created the following two keys in the registry
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Server] "Enabled"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Server] "DisabledByDefault"=dword:00000001
And after a reboot, I'm able to connect using both certificate auth and my browser:)
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.