Thanks Nathan, that is exactly what I was looking for. Just curious, anyone out there implement this (disabling TLS 1.0 on ADFS 3.0)? Right now our security policy requires us to lock this down, but if the application requires it we can get an exception. Wondered if anyone else was in the same situation.
Thanks, Chris From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Nathan Shelby Sent: Friday, January 13, 2017 12:07 PM To: ntsysadm@lists.myitforum.com Subject: Re: [NTSysADM] Disable TLS 1.0 on ADFS 3.0 You should be able to adjust the settings allowed to ADFS in this case by manually adjusting what's available to schannel in windows - Note that there are, as documented, downsides do doing this for compatibility reasons. https://support.microsoft.com/ro-ro/help/3194197/considerations-for-disabling-and-replacing-tls-1.0-in-adfs https://support.microsoft.com/en-us/kb/245030 Nathan Shelby ntshe...@gmail.com<mailto:ntshe...@gmail.com> 425-205-9047 On Fri, Jan 13, 2017 at 8:36 AM, Christopher Bodnar <christopher_bod...@glic.com<mailto:christopher_bod...@glic.com>> wrote: Can anyone point me to some documentation that discusses this? I’ve tested our ADFS site with the online Qualys tool: https://www.ssllabs.com/ssltest/index.html And it comes back stating that TLS 1.0 is enabled: [cid:image003.jpg@01D26D9B.47B5A210] With ADFS 3.0 using HTTP.sys instead of IIS, I’m not sure where that is configured. Can’t find any references to this. Thank you, Christopher Bodnar Enterprise Architect II, Corporate Office of Technology:Enterprise Architecture and Engineering Services Tel 610-807-6459<tel:(610)%20807-6459> 3900 Burgess Place, Bethlehem, PA 18017 christopher_bod...@glic.com<mailto:christopher_bod...@glic.com> [cid:image001.png@01D1326B.600058E0] The Guardian Life Insurance Company of America www.guardianlife.com<http://www.guardianlife.com/> ________________________________ ----------------------------------------- This message, and any attachments to it, may contain information that is privileged, confidential, and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient, you are notified that any use, dissemination, distribution, copying, or communication of this message is strictly prohibited. If you have received this message in error, please notify the sender immediately by return e-mail and delete the message and any attachments. Thank you. ----------------------------------------- This message, and any attachments to it, may contain information that is privileged, confidential, and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient, you are notified that any use, dissemination, distribution, copying, or communication of this message is strictly prohibited. If you have received this message in error, please notify the sender immediately by return e-mail and delete the message and any attachments. Thank you.
