I faced an issue with ADFS v3 running on Windows Server 2012 R2.

When a client that is restricted to SSLv3 only accesses the ADFS site URL, the request fails.

The same thing works when using ADFSv2 on 2008 R2.

The thing I noticed is that ADFSv3 has moved from IIS into a proprietary process using the Windows HTTP Server API. Also, I verified that sites running under IIS on 2012 R2 servers accept SSLv3 requests. Thus, I assume it's connected to the fact that ADFSv3 is running under HTTP.sys now.

Any ideas how to enable SSLv3 for the HTTP Server API?

(Schannel is configured to enable SSLv3 connections on server.)

1 Answer

I found a solution: it was an SNI issue.

You need to configure a fallback certificate using netsh.

Reference: https://newsignature.com/articles/federation-adfs-3-0-sni-support/

Tamir
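The fallback certificate mentioned in the answer above, as an added example that is not part of the original post: the script copies the certificate from the existing host-name (SNI) binding onto an IP:port binding, which HTTP.sys uses for clients that send no SNI. The host name is a constructed placeholder, and the script assumes English `netsh` output and the `MY` certificate store.

```powershell
# Added example, not from the original answer. Run from an elevated prompt.
param(
    [string]$FederationHost = 'adfs.example.com',  # placeholder: your federation service name
    [int]$Port = 443
)

$sniBinding = "${FederationHost}:$Port"
$fallback   = "0.0.0.0:$Port"

# 1. Read the SNI binding that AD FS registered with HTTP.sys.
#    Assumption: netsh output is in English (field labels are localized).
$sni = netsh http show sslcert "hostnameport=$sniBinding" | Out-String
if ($sni -notmatch 'Certificate Hash\s*:\s*([0-9a-fA-F]{40})') {
    throw "No SNI binding found for $sniBinding"
}
$certHash = $Matches[1]

if ($sni -notmatch 'Application ID\s*:\s*(\{[0-9a-fA-F-]{36}\})') {
    throw "Could not read the application ID of the $sniBinding binding"
}
$appId = $Matches[1]

# 2. Do not overwrite an IP:port binding that another service already owns.
$existing = netsh http show sslcert "ipport=$fallback" | Out-String
if ($existing -match 'Certificate Hash\s*:\s*([0-9a-fA-F]{40})') {
    Write-Output "Binding already present on $fallback (hash $($Matches[1])); nothing changed."
    return
}

# 3. Add the fallback binding with the same certificate and application ID.
#    Assumption: the certificate lives in the LocalMachine\MY store.
netsh http add sslcert "ipport=$fallback" "certhash=$certHash" "appid=$appId" certstorename=MY
if ($LASTEXITCODE -ne 0) {
    throw "netsh http add sslcert failed with exit code $LASTEXITCODE"
}

# 4. Show the result so the hash can be compared with the SNI binding.
netsh http show sslcert "ipport=$fallback"
```

When the service certificate is renewed, the fallback binding keeps the old hash until it is deleted with `netsh http delete sslcert ipport=0.0.0.0:443` and added again.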