Dsiable TLS 1.0 on a specific IP for PCI compliance

Question

We have a dedicated windows server 2008 R2 with multiple IPs set up.

We have to disable TSL 1.0 and SSL 3.0 for the PCI compliance but SQL server doesn't connect when they are both disabled.

Is there a workaround to this or is there a way to disable both TSL 1.0 and SSL 3.0 for a specific IP?

Regards,

J.

Answer 1

Attempt to avoid using SSL and use TLS 1.2 & TLS 1.0. http://blogs.msdn.com/b/sqlserverfaq/archive/2012/04/04/can-tls-certificate-be-used-for-sql-server-encryption-on-the-wire.aspx

Answer 2

The SQL Server 2008 R2 drivers don't support later versions of TLS, even though the base OS does.

However, mitigation to allow specific TLS versions through only certain interfaces to certain systems can be done using netsh, e.g.

netsh firewall advfirewall XXXXX