Disable Older Protocols (Below TLS 1.2) in .NET Application Hosted in AWS Server

0
votes

I want to allow only request with TLS 1.2 or higher versions i.e. older communication protocols, such as SSL 3.0, TLS 1.0, and TLS 1.1, application should not serve the request.

Also my application is host in Windows Server 2016 and using .NET framework 4.5, so TLS 1.2 is already supported by the system. I just want to disable the older protocols, in order to achieve security measurement.

As per my analysis, we can disable the older protocols by updating registry setting, as mentioned in below document by Microsoft.

https://support.microsoft.com/en-in/help/4040243/how-to-enable-tls-1-2-for-configuration-manager

So, my question is that can i change registry setting of AWS EC2 and RDS instances or their is any other way. Please suggest. Thanks in advance.

1
.netamazon-web-servicessslamazon-ec2tls1.2
It depends on the specific service, and the software running on that service. Do you only want to enforce this between the end user (browser) and a web application? Or do you want to enforce it at other layers of your application (like the RDS instances you mentioned)? Are you using a load balancer? You can make that registry change on Windows EC2 instances, but you would have to use a different method for RDS instances, and ELB, etc. Please provide more details about which specific services and software you are using.Mark B
1) Yes, i want to enforce this between the end user and a web application, for TLS handshaking.jitendra joshi
2) No, currently, i don't want this between RDS and application, However, i would like to know, if u could tell the way or provide any documentation for RDS or ELB, thanks for the EC2 instance advice, i will try to update the registry as well.jitendra joshi

1 Answers

2
votes

To enforce specific TLS version(s) between the end user's browser and the load balancer, you need to change your Security Policy on in the Load Balancer's configuration.