TLS 1.1 (), TLS 1.2 ()"įrom the RDP specification PDF: "When Enhanced RDP Security is used, RDP traffic is no longer protected by using Relevant extracts from the links provided:įrom the MSDN link: "RDP supports four External Security Protocols: TLS 1.0 (),
There is a complete lack of main stream documentation on Technet or other Microsoft sites it seems so hopefully documenting this here may help some people.
This documentation is hidden away in an SChannel logging and a very detailed specification for RDP. I have finally managed to find some documentation that confirms that TLS 1.1 and TLS 1.2 ARE supported by RDP. We also do not want to fall back to RDP Security Layer which is a major security concern. I have been looking into this for a couple of days now as we to have to comply with PCI-DSS 3.1 which requires TLS 1.0 to be disabled. UPDATE 2: Microsoft has released a tutorial regarding SQL Server Support for PCI DSS 3.1. See the answer below for the relevant server update. UPDATE 1: Microsoft has now addressed this issue. Note: There appears to be a way to do it by configuring the server to use the RDP Security Layer but that disables Network Level Authentication, which seems like trading one evil for another. Does anybody know a way to disable TLS 1.0 on Windows Server 2008 R2 without breaking RDP? Does Microsoft plan support for RDP over TLS 1.1 or TLS 1.2? After some research, it appears that RDP only supports TLS 1.0 (see here or here), or at least it's not clear how to enable RDP over TLS 1.1 or TLS 1.2. I tried to be proactive by disabling TLS 1.0 on our Windows Server 2008 R2 machine, only to find that immediately after reboot I was completely unable to connect to it via Remote Desktop Protocol (RDP). Our credit card processor recently notified us that as of Jwe will need to disable TLS 1.0 to remain PCI compliant.
0 kommentar(er)
