Sunday, 2 October 2016

Azue MFA web SDK, server 2008R2 and TLS 1.0

In my last post I mentioned that IIS remote manager does not work if you turn off TLS 1.0.

Well now I've found another, the azure MFA WebSDK and MAF mobile app server both need TLS 1.0 to make them work.

Ref https://azure.microsoft.com/en-gb/documentation/articles/multi-factor-authentication-get-started-server-webservice/

note how MS say nothing about TLS 1.0 being needed on the install page, however it turns out you have to keep both client and server TLS 1.0 protocols enabled on the servers to make it work.

I'm not sure if this is the problem with MFA affects server 2012 R2 as well, but given that the IIS remote manger bug affects all IIS versions up to 8.5 at a minimum I would not be surprised if it did.