SwissDec 2020: TLS 1.2

As a follow-up to our December post, we are pleased to confirm that the existing transmitter SwissDecTX4 is already compatible with the latest security enhancements announced by Swissdec for 2020, however a small configuration change to the .NET Framework is necessary to enable the use of the required protocols.

Once this support is enabled, the existing SwissDecTX 4.08 transmitter starts using TLS 1.2 immediately without re-installation or redeployment.

The configuration change consists in setting registry values that direct the .NET Framework to use the latest protocols available on the underlying Operating System.

For Windows 10:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v2.0.50727]
“SystemDefaultTlsVersions”=dword:00000001
“SchUseStrongCrypto”=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v2.0.50727]
“SystemDefaultTlsVersions”=dword:00000001
“SchUseStrongCrypto”=dword:00000001

For prior versions of Windows:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v2.0.50727]
“SystemDefaultTlsVersions”=dword:00000001
“SchUseStrongCrypto”=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v2.0.50727]
“SystemDefaultTlsVersions”=dword:00000001
“SchUseStrongCrypto”=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 128/128]
“Enabled”=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 40/128]
“Enabled”=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 56/128]
“Enabled”=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client]
“Enabled”=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client]
“DisabledByDefault”=dword:00000000

Copy the above text in a new text file that ends with a .reg extension and merge this file with the registry.

Note that TLS 1.2 is only available on Windows 7 SP1 or later, and Windows Server 2008 or later. Those operating systems then de-facto become the minimum system requirements for TLS 1.2 compatibility.

The details of the .NET Framework TLS 1.x compatibility matrix and system requirements can be found here:

https://docs.microsoft.com/en-us/dotnet/framework/network-programming/tls

https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/operations/manage-ssl-protocols-in-ad-fs

https://docs.microsoft.com/en-us/mem/configmgr/core/plan-design/security/enable-tls-1-2-client

Thanks to Michael Iten for helping testing on Windows Server 2008 R2!



0 comments on “SwissDec 2020: TLS 1.2
1 Pings/Trackbacks for "SwissDec 2020: TLS 1.2"