Iis – Is it possible to force TLS 1.2 on an IIS Site

iistls

I have an IIS site where I want to force TLS 1.2. I don't want client using TLS 1 to be able to connect to the site.

I want to do this at the site level as there are other sites that should work with older version.

Thank you

Best Answer

There isn't a way to change only a single site on a server to support only TLS 1.2. IIS is managed using SCHANNEL, as documented here. 2012r2 and below does not support per site configuration.

If you absolutely have to do something like this the easiest method is a SSL proxy that allows the lower levels inbound and can create TLS 1.2 connections outbound.. This relay can be used for your lower level sites and your secure site can be accessed directly.

Best Answer

Related Solutions

Enable TLS 1.2 in Windows Server 2012 running Exchange 2013 via IIS 8.0

Is it possible to configure ARR to make TLS 1.2 outgoing connections in Server 2008 R2

Related Topic