Windows Server 2008 (not R2) possible to support beyond SSL 3.0 / TLS 1.0?

dabomb

So I ran into a Windows 2008 server that I need to achieve PCI compliance on. To do this, SSL 3.0 / TLS 1.0 must be disabled due to the vulnerabilities in these protocols.

The most current info I found was from 2011, and it states that Server 2008 does not support beyond TLS 1.0. Has anything changed since then? I could not find more updated information, but I find it hard to believe that Server 2008 is now useless for hosting secure transactions.

http://blogs.msdn.com/b/kaushal/archive/2011/10/02/10218922.aspx

 
Beyond TLS 1.0, it took the industry a long time to move forward. Even web browsers only recently started turning TLS 1.1/1.2 on by default, so it doesn't surprise me Windows 2008 doesn't support the protocol. At that time it still wasn't widespread or heavily pushed past TLS 1.0.

I'd recommend upgrading if you can. Shouldn't be too big of an ordeal upgrading from 2008 > 2008 R2. Really R2 is much better in every way if you ask me.

Sidenote: I wouldn't say TLS 1.0 is insecure by any means. But if you must meet compliance then you're going to have to drink the soda.
 