SwissDec 2020: TLS 1.2

As a follow-up to our December post, we are pleased to confirm that the existing transmitter SwissDecTX4 is already compatible with the latest security enhancements announced by Swissdec for 2020. However, a small configuration change to the .NET Framework is necessary to enable the use of the required protocols.

Once this support is enabled, the existing SwissDecTX 4.08 transmitter starts using TLS 1.2 immediately without re-installation or redeployment.

The configuration change consists of setting registry values that direct the .NET Framework to use the latest protocols available on the underlying operating system.

For Windows 10:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v2.0.50727]
"SystemDefaultTlsVersions"=dword:00000001
"SchUseStrongCrypto"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v2.0.50727]
"SystemDefaultTlsVersions"=dword:00000001
"SchUseStrongCrypto"=dword:00000001

For prior versions of Windows:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v2.0.50727]
"SystemDefaultTlsVersions"=dword:00000001
"SchUseStrongCrypto"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v2.0.50727]
"SystemDefaultTlsVersions"=dword:00000001
"SchUseStrongCrypto"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 128/128]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 40/128]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 56/128]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client]
"Enabled"=dword:00000001
"DisabledByDefault"=dword:00000000

Copy the text above into a new text file with a .reg extension, making sure the quotation marks are plain straight quotes, and merge this file into the registry.
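To confirm the merge took effect, the following read-only PowerShell check reads back every value from the two .reg files above. It is an added example, not part of the original post or of SwissDecTX; it assumes PowerShell 3.0 or later, and all variable names are illustrative. The SCHANNEL entries exist only in the second file, so they may legitimately show as not set on Windows 10.

```powershell
# Added example: read-only audit of the registry values listed in the .reg files above.
# The .NET registry API is used because the PowerShell registry provider treats the "/"
# in key names such as "RC4 128/128" as a path separator and opens the wrong key.
$net = 'Microsoft\.NETFramework\v2.0.50727'
$sch = 'SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL'

# Build the expected state: key path under HKLM, value name, expected DWORD, source file.
$checks = @()
foreach ($root in "SOFTWARE\WOW6432Node\$net", "SOFTWARE\$net") {
    foreach ($name in 'SystemDefaultTlsVersions', 'SchUseStrongCrypto') {
        $checks += [pscustomobject]@{ Key = $root; Name = $name; Want = 1; Scope = 'all' }
    }
}
foreach ($cipher in 'RC4 128/128', 'RC4 40/128', 'RC4 56/128') {
    $checks += [pscustomobject]@{ Key = "$sch\Ciphers\$cipher"; Name = 'Enabled'; Want = 0; Scope = 'pre-Win10' }
}
$tls12 = "$sch\Protocols\TLS 1.2\Client"
$checks += [pscustomobject]@{ Key = $tls12; Name = 'Enabled'; Want = 1; Scope = 'pre-Win10' }
$checks += [pscustomobject]@{ Key = $tls12; Name = 'DisabledByDefault'; Want = 0; Scope = 'pre-Win10' }

# Open the 64-bit view explicitly so WOW6432Node is addressed as a literal path,
# even when this script runs in a 32-bit PowerShell host.
$hklm = [Microsoft.Win32.RegistryKey]::OpenBaseKey(
    [Microsoft.Win32.RegistryHive]::LocalMachine,
    [Microsoft.Win32.RegistryView]::Registry64)

$results = foreach ($c in $checks) {
    $key = $hklm.OpenSubKey($c.Key)      # $null when the key does not exist
    $actual = $null
    if ($key) { $actual = $key.GetValue($c.Name); $key.Close() }
    $shown = '<not set>'
    if ($null -ne $actual) { $shown = $actual }
    [pscustomobject]@{
        Scope    = $c.Scope
        Key      = $c.Key
        Name     = $c.Name
        Expected = $c.Want
        Actual   = $shown
        OK       = ($null -ne $actual) -and ($actual -eq $c.Want)
    }
}
$hklm.Close()

$results | Format-Table -AutoSize -Wrap
if ($results.OK -contains $false) {
    Write-Warning 'At least one value differs from the .reg file; see the rows with OK = False.'
}
```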

Note that TLS 1.2 is only available on Windows 7 SP1 or later, and Windows Server 2008 or later. Those operating systems therefore become the de facto minimum system requirements for TLS 1.2 compatibility.

The details of the .NET Framework TLS 1.x compatibility matrix and system requirements can be found here:

https://docs.microsoft.com/en-us/dotnet/framework/network-programming/tls

https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/operations/manage-ssl-protocols-in-ad-fs

https://docs.microsoft.com/en-us/mem/configmgr/core/plan-design/security/enable-tls-1-2-client

Thanks to Michael Iten for helping with testing on Windows Server 2008 R2!


