Transport Layer Security (TLS) 1.0 not supported on Windows Server 2016 or newer #2

Closed
phaupt opened this issue Nov 23, 2021 · 3 comments · Fixed by #3
Labels
enhancement New feature or request

Comments

@phaupt
Member

phaupt commented Nov 23, 2021

TLS 1.0 is currently hard coded and not a problem with Windows Server 2012 R2 (as specified as system requirement). However, newer Windows Server versions such as Windows Server 2016 will fail the connection if TLS 1.0 is used.

The TLS version should be configurable, so that it can be set to TLS 1.2.

Refer to: https://github.com/MobileID-Strong-Authentication/mobileid-enabler-adfs/blob/main/Service/WebClientImpl.cs line 754

ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls;    // TODO: make TLS version configurable
@phaupt phaupt added the enhancement New feature or request label Nov 25, 2021
@PascalBayard
Collaborator

I added the TLS version as a config parameter in the mobileIdClient-Config. The default value is still TLS version 1.0.

I updated Visual Studio Version to 2022 and the .NET Framework Version to 4.8.

Now I am struggling to create the installer; maybe you can help me.
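The change discussed in this thread, sketched as an added example (not part of the thread and not the project's code): a config string is turned into `SecurityProtocolType` flags instead of hard-coding `SecurityProtocolType.Tls`. The names `TlsConfig` and `Parse` and the sample config values are hypothetical; the empty-value fallback mirrors the TLS 1.0 default mentioned above, and .NET Framework 4.8 is assumed.

```csharp
using System;
using System.Net;

// Added example: TlsConfig and Parse are hypothetical names, not the project's code.
public static class TlsConfig
{
    // Turns a config value such as "Tls12" or "Tls12, Tls13" into SecurityProtocolType flags.
    public static SecurityProtocolType Parse(string configured)
    {
        // Nothing configured: keep the default mentioned in the thread (TLS 1.0).
        if (string.IsNullOrWhiteSpace(configured))
            return SecurityProtocolType.Tls;

        SecurityProtocolType result = 0;
        foreach (string part in configured.Split(','))
        {
            string name = part.Trim();
            SecurityProtocolType one;
            // Enum.TryParse also accepts numeric strings ("48" would become Ssl3),
            // so only names that start with a letter and are defined enum members pass.
            if (name.Length == 0 || !char.IsLetter(name[0])
                || !Enum.TryParse(name, true, out one)
                || !Enum.IsDefined(typeof(SecurityProtocolType), one))
                throw new ArgumentException("Unknown TLS version in config: '" + name + "'");
            // Refuse SSL 3.0 even though it is a valid enum member.
            if (one == SecurityProtocolType.Ssl3)
                throw new ArgumentException("SSL 3.0 is not accepted as a TLS version");
            result |= one;
        }
        return result;
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed sample config values.
        foreach (string v in new[] { "", "Tls12", "tls12, Tls13" })
            Console.WriteLine("'{0}' -> {1}", v, TlsConfig.Parse(v));

        // What a Windows Server 2016 deployment would apply at startup.
        ServicePointManager.SecurityProtocol = TlsConfig.Parse("Tls12");
    }
}
```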

@phaupt
Member Author

phaupt commented Nov 25, 2021

Did you rebuild the setup program using InnoSetup?

  1. Check out the source code from here to your development PC, for example, folder H:\midadfs (subfolders are Service and AuthnAdapter).

  2. Copy the file Microsoft.IdentityServer.Web.dll from a Windows 2012 R2 server which has the role
    Active Directory Federation Services (AD FS) installed. By default, the DLL file is located in
    C:\Windows\ADFS on your server.
    The DLL file should be copied to the folder of the project AuthnAdapter. In the example above, it is H:\midadfs\AuthnAdapter.

  3. Create your own assembly-signing key mobileid.snk, either in Visual Studio (right-click a project > Properties > Signing > Sign the assembly > create new key), or from the command line (sn.exe -k 2048 mobileid.snk).
    Place it in the folder where the *.sln file is located (H:\midadfs in the example).

The solution should be ready to build now. Each project folder has a README file which briefly describes the project.

@PascalBayard
Collaborator

It worked and I was able to create the installer. To sign the installer with a valid certificate I need access to our hardware token; this will take until Monday.

For a first test, I attached the installer signed with my test certificate.
midadfs_setup_1.3.0.0.zip
