Dec 13 2019 11:39 PM
Hi,
When we read about "TLS version enforcement capabilities now available per certificate binding on Windows Server 2019", it sounded perfect. However we cannot get it to work? We are on OS Build 17763.914 and when we go to the site binding the screenshot below is all we get. According to https://docs.microsoft.com/en-us/security/disable-legacy-tls we should also have a disable Legacy TLS checkbox.
The version of windows server/iis we have is latest as per windows update and is after the version mentioned in the article. We have also tried to do via "netsh http add sslcert ...", but when we add the argument disablelegacytls=enable it fails, even though it is listed in the help as an argument.
Does something need turning on or setting? Tried a couple of things, but no luck.
Any hints or assistance much appreciated.
Regards
Paul
Dec 29 2019 11:01 PM
This actually looks like Microsoft never ended up implementing it, unless there's is some undocumented setting or requirement? Does anybody know anything about this? Thanks.
Paul
Mar 12 2021 08:06 AM
Oct 26 2021 01:11 PM - edited Oct 26 2021 01:13 PM
It's now October 2021, and Disable Legacy TLS is still not implemented in Windows Server 2019 IIS UI
(but it is implemented on Windows 10 IIS version 10.0.19041.1)