To see if this will be an issue for you, create an .aspx page on your site with the following code:
<%@ Page Theme="" Language="C#" %>
<!DOCTYPE html>
<script runat="server">
/// <summary>
/// Page load handler: runs the outbound protocol check each time the page is requested.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
public void Page_Load(object sender, EventArgs e)
{
    // The check makes live outbound HTTPS requests, so every hit on this page repeats them.
    this.TestSSL();
}
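/// <summary>
/// Attempts one outbound HTTPS request per protocol-labelled test endpoint and writes
/// a "true"/"false" line for each into the <c>litSupported</c> literal.
/// </summary>
/// <remarks>
/// Presumably each port accepts only the protocol named in its label; confirm against
/// the test host. "true" means an HTTP response came back, so the handshake succeeded.
/// This is a diagnostic page: it makes outbound requests on every hit and prints
/// exception text, so remove it from the site once the check is done.
/// </remarks>
public void TestSSL()
{
    var test_servers = new Dictionary<string, string>
    {
        { "SSL 2", "https://www.ssllabs.com:10200" },
        { "SSL 3", "https://www.ssllabs.com:10300" },
        { "TLS 1.0", "https://www.ssllabs.com:10301" },
        { "TLS 1.1", "https://www.ssllabs.com:10302" },
        { "TLS 1.2", "https://www.ssllabs.com:10303" }
    };

    var output = new StringBuilder();
    foreach (var item in test_servers)
    {
        output.Append("<br /><strong>" + item.Key + ":</strong> ");
        try
        {
            // System.Net types are fully qualified so the page does not rely on a namespace import.
            var req = (System.Net.HttpWebRequest)System.Net.WebRequest.Create(item.Value);
            req.Method = "POST";

            // Dispose the response so the underlying connection is released.
            using (var resp = (System.Net.HttpWebResponse)req.GetResponse())
            {
                output.Append("true - ");
                output.Append("Status " + resp.StatusCode);
            }
        }
        catch (System.Net.WebException ex)
        {
            // An HTTP error status still means the secure channel was established;
            // only a WebException without a response is a connection/handshake failure.
            using (var errorResp = ex.Response as System.Net.HttpWebResponse)
            {
                if (errorResp != null)
                {
                    output.Append("true - ");
                    output.Append("Status " + errorResp.StatusCode);
                }
                else
                {
                    // Encode the message: it is written into the page as HTML.
                    output.Append("false - " + System.Net.WebUtility.HtmlEncode(ex.Message));
                }
            }
        }
        catch (Exception ex)
        {
            output.Append("false - " + System.Net.WebUtility.HtmlEncode(ex.Message));
        }
    }

    // Assign once after all endpoints have been tried.
    litSupported.Text = output.ToString();
}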
</script>
<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
<title></title>
</head>
<body>
<form id="form1" runat="server">
<asp:Literal ID="litSupported" EnableViewState="false" runat="server" />
</form>
</body>
</html>
Fortunately, we were using a fully patched Windows Server 2012 and have .NET 4.5+ installed, so the workaround wasn't that painful. We added the following code to Global.asax to enable TLS 1.2, and left TLS 1.1 and TLS 1.0 enabled in case they are required by other web services we use that aren't affected by PCI:
/// <summary>
/// Application start-up hook: sets the protocol versions that outbound requests made
/// through <see cref="System.Net.ServicePointManager"/> may negotiate to
/// TLS 1.2, TLS 1.1 and TLS 1.0.
/// </summary>
/// <remarks>
/// This is a plain assignment, not an OR with the current value, so only the three
/// protocols listed here are enabled by this setting. TLS 1.0 and 1.1 are included
/// deliberately for other services that may still require them; drop those flags
/// once nothing depends on them.
/// </remarks>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void Application_Start(Object sender, EventArgs e)
{
    // Raw flag values are used rather than enum member names for TLS 1.1/1.2,
    // presumably so this compiles where the enum lacks those members (confirm).
    const int Tls12Bits = 0x00000C00; // TLS 1.2
    const int Tls11Bits = 0x00000300; // TLS 1.1

    System.Net.SecurityProtocolType enabledProtocols =
        (System.Net.SecurityProtocolType)Tls12Bits
        | (System.Net.SecurityProtocolType)Tls11Bits
        | System.Net.SecurityProtocolType.Tls; // TLS 1.0

    System.Net.ServicePointManager.SecurityProtocol = enabledProtocols;
}