IIS 7 – How to Disable TLS 1.0 for a Specific Website

iissslwindows-server-2012-r2

Everything I can find on disabling TLS 1.0/1.1 and SSL 3.0 involves editing the registry to disable it at the server level.

Unfortunately our website communicates with a vendor application that still requires TLS 1.1, and disabling it at the server level breaks it for that connection.

Is there a way to disable TLS/SSL specifically for our website while leaving it active at the server level?

Best Answer

You can't do it.

The newest IIS (v10 - on Server 2019) lets you choose "Disable Legacy TLS" on a per-binding level, but the version you have cannot do it.

Realistically, there are only two ways to do what you want:

Upgrade to Windows Server 2019
Set up an edge reverse proxy to handle SSL termination for your website and send it back to your main server. The edge proxy will handle only modern TLS versions and the actual server will not be accessible from outside.

Best Answer

Related Solutions

Ssl – How to disable SSL 2.0 support on IIS

Ssl – Safest ciphers to use with the BEAST? (TLS 1.0 exploit) I’ve read that RC4 is immune

Related Topic