Hi Chris,
I am having the same issue. Were you able to work around this
-yinidu
On Tuesday, January 26, 2016 at 10:53:30 AM UTC+8, Chris Carlson wrote:
>
> Recently, I've undertaken the task of PCI Compliance for several servers I
> manage. One of the recurring recommendations is to disable TLS 1.0 in favor
> of TLS 1.1/1.2.
>
> The good news.. Disabling TLS 1.0 on a group of servers is super easy
> using Ansible! Sadly, one of the side effects of disabling is that the
> WinRM connection in my Ansible scripts becomes completely broken afterward.
> After disabling, connecting to Windows servers results in the following
> error:
>
> fatal: [10.0.20.20]: FAILED! => {"failed": true, "msg": "ERROR! ssl: 500
> WinRMTransport. [Errno 54] Connection reset by peer"}
>
> Re-enabling TLS 1.0 will correct the issue, but obviously it's not ideal
> and I'm wondering what can be done.. So, some questions:
>
> 1. Is TLS 1.0 required in Windows, or is it something in pywinrm package?
> 2. If TLS 1.0 must be used, is there an interim solution where it can be
> disabled for IIS (port 443) only? The only solutions I have found online
> disable it in the SCHANNEL/Protocols registry key, which then disables it
> system-wide in Windows
> 3. Has anyone run into this problem or discovered another workaround?
>
> Thanks, looking forward to discussing!
>
> -chris
>
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/b2cddbed-b03a-4072-b201-66fabbe696c7%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
