Recently I had my servers audited for PCI compliance.
As part of this I was picked up for not having TLS 1.0 disabled as per:
http://blog.varonis.com/ssl-and-tls-1-0-no-longer-acceptable-for-pci-compliance/
https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1_Summary_of_Changes.pdf
When I disable TLS 1.0 using IISCrypto Web Deploy breaks.
Has anyone found a WebDeploy 3.6 fix for using WebDeploy without TLS 1.0?
We added registry keys to force the .NET app pool over to TLS 1.2. This was to allow an app to talk to Salesforce after SF issued a critical update disabling TLS 1.0. The registry keys apply to the whole server as opposed to a single site, unfortunately. The build broke for the reason you indicate above. This worked for us:
Getting WebDeploy working after disabling insecure Ciphers like SSL 3.0 and TLS 1.0
Excerpt:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]"SchUseStrongCrypto"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319]"SchUseStrongCrypto"=dword:00000001
