Comments (4)
Did you try to do any mitifations (such as registry changes or GPEDIT changes) before making this output?
If yes, do you have the output of the orginal = first run?
Windows 7 needs specific updates applied before it supports the cipher suites required by the Azure DevOps. Please look at this docs: https://docs.microsoft.com/en-us/windows/win32/secauthn/tls-cipher-suites-in-windows-7
from azure-devops-tls12.
Great you kept the screenshot!
OK, so this is indeed the case when OS simply does not support given cipher suites and even when you configure them explicitly (as the script suggested as mitigation) will not enable them.
Since WS 7/2008 are so long after end of life, the script does not count with this.
Remove the mitigation you did in GPEDIT.
Update the Win 7 according to the article.
Run the script again - all should be green this time ;)
from azure-devops-tls12.
The script extended with a fall-back mitigation displayed at legacy OS versions (pre 10.x versions) which may lack some updates needed to support the modern cipher suites.
from azure-devops-tls12.
Hello, and thank you, the very first run was :
All changes has been made according to instructions (regedit + gpedit) :
I've added these 2 values TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
actual SSL Cipher Suites field value:
TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P384,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P384,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_P384,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P384,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P384,TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,TLS_DHE_DSS_WITH_AES_256_CBC_SHA,TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
but I had to remove the last ciphers due to max length in the field "SSL Cipher Suites"
values removed:
,TLS_RSA_WITH_RC4_128_MD5,SSL_CK_RC4_128_WITH_MD5,SSL_CK_DES_192_EDE3_CBC_WITH_MD5,TLS_RSA_WITH_NULL_SHA256,TLS_RSA_WITH_NULL_SHA
I'm looking closely the doc : https://docs.microsoft.com/en-us/windows/win32/secauthn/tls-cipher-suites-in-windows-7
from azure-devops-tls12.
Related Issues (12)
- Connection error without solution HOT 12
- Unexpected token 'EccEnable" $script HOT 3
- Once fixed, TLS 1.2 issue come back again after few weeks HOT 1
- Error - Mitigation script not created HOT 2
- Proxy support HOT 1
- Updated $null tests and switch docs to learn links HOT 1
- Agents offline and unable to connect during TLS deprecation HOT 11
- Error: The underlying connection was closed during Invoke-webRequest. Mitigation scripts shows everything is fine HOT 4
- SSL Cipher Suites maximum length in gpedit HOT 3
- When enabling Diffie-Hellman KeyExchangeAlgorithm, should also set ServerMinKeyBitLength to avoid logjam HOT 1
- ISSUE FOUND: This may be TLS compatibility issue! Probe failed when TLS-negotiating to 13.107.6.183:443. Error: Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host. HOT 5
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from azure-devops-tls12.