TFS TLS 1.1/1.2 [英] TFS TLS 1.1/1.2
问题描述
我们目前在 Windows Server 2012 R2 上使用 TFS 2015.3.使用NARTAC指定使用TLS1.1/1.2并禁用TLS1.0后,我们的构建层服务器无法连接到应用层服务器.
有没有遇到同样的问题并解决了?谢谢
问候,
似乎不支持 TLS 1.1 和 TLS 1.2.
确保您安装的 TFS、底层 .NET 版本和 Windows Server 都支持 TLS 1.2 端点.
TFS 使用的 .NET Framework 版本必须支持 TLS 1.2.某些 .NET Framework 版本可能需要对SchUseStrongCrypto"进行额外的注册表设置,如此处.
无论如何,您可以尝试使用下面提到的解决方案:
<块引用>默认情况下,.Net 有一个名为useStrongCrypto"的设置,允许客户端 PC 使用 TLS 1.1 及更高版本.
为了保护您的本地客户端 PC 以使用 TLS 1.1 及更高版本(或作为Microsoft 术语是强加密")您需要编辑以下内容注册表项:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319\SchUseStrongCrypto = 00000001 HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30310\0密码>0p10.0.30310\0.0.30310加密或者您可以简单地将以下内容剪切并粘贴到 .reg 文件中并运行它(只有在您知道自己在做什么时才这样做).
Windows 注册表编辑器 5.00 版
<代码>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]"SchUseStrongCrypto"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319]"SchUseStrongCrypto"=dword:00000001
来源:在禁用 SSL 3.0 和 TLS 1.0 等不安全密码后让 WebDeploy 工作
还有这篇文章供您参考:行为不当的 HTTPS 服务器会损害 TLS 1.1 和 TLS 1.2
We are currently using TFS 2015.3 on Windows server 2012 R2. After using NARTAC to specify using TLS1.1/1.2 and disable TLS1.0, our build tier server cannot connect to application tier server.
Does any have the same issue and got it fixed? Thank you
Regards,
Seems it's not supported for TLS 1.1 and TLS 1.2.
Ensure that your installation of TFS, the underlying .NET version(s), and Windows Server all support TLS 1.2 endpoints.
.NET Framework version(s) used by TFS must support TLS 1.2. Some .NET Framework versions may require additional registry settings for "SchUseStrongCrypto" as described here.
Whatever, you can have a try with the solution mentioned below:
By default .Net has a setting called "useStrongCrypto" that allows the client PC to use TLS 1.1 and higher.
To enable secure your local client PC to use TLS 1.1 and higher (or as Microsoft terms is "strong crypto") you need to edit the following registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319\SchUseStrongCrypto = 00000001 HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319\SchUseStrongCrypto= 00000001Or you could simply cut and paste the following into a .reg file and run it (only do this if you know what you’re doing).
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319] "SchUseStrongCrypto"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319] "SchUseStrongCrypto"=dword:00000001Source here : Getting WebDeploy working after disabling insecure Ciphers like SSL 3.0 and TLS 1.0
Also this article for your reference: Misbehaving HTTPS Servers impair TLS 1.1 and TLS 1.2
这篇关于TFS TLS 1.1/1.2的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
