SecureAuth version affected: All
Description:
SSL/TLS protocol versions may need to be enabled or disabled at various points in the server's lifespan because of environmental factors or restrictions.
Cause:
TLS versions may be turned off due to security server hardening or cipher/protocol lockdowns.
Resolution:
Enable or disable TLS/SSL as needed.
- Open regedit.exe and navigate to the following key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols
- Once here, expand Protocols, there will be the following:
- To disable or enable a protocol, expand Server or Client, whichever you want to change, and set the value to one of the following:
Binary:
0 - off
1 - on
Hexadecimal:
0x00000000 - off
0xffffffff - on (4294967295)
- For example, to disable TLS 1.0 on the server side, set DisabledByDefault to 1 and Enabled to 0. These are DWORD values.
- Once the respective changes are made, restart the server for the registry changes to take effect.
- The screenshot below shows TLS 1.2 Enabled for Server communication.
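
The same procedure can be scripted from an elevated PowerShell session so the state is recorded before and after the change. This is an added example, not SecureAuth code: the function names `Get-SchannelProtocolState` and `Set-SchannelProtocol` are hypothetical, and the enable case (Enabled 1, DisabledByDefault 0) is assumed to mirror the disable example above.

```powershell
# Added example; function names are hypothetical. Run elevated.
$SchannelRoot = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'

function Get-SchannelProtocolState {
    # List the raw Enabled / DisabledByDefault values for each protocol and role.
    # An empty value means the DWORD is not set under that key.
    Get-ChildItem -Path $SchannelRoot -ErrorAction SilentlyContinue | ForEach-Object {
        $protocol = $_.PSChildName
        foreach ($role in 'Server', 'Client') {
            $key = Join-Path $SchannelRoot "$protocol\$role"
            if (-not (Test-Path $key)) { continue }
            $values = Get-ItemProperty -Path $key
            [pscustomobject]@{
                Protocol          = $protocol
                Role              = $role
                Enabled           = $values.Enabled
                DisabledByDefault = $values.DisabledByDefault
            }
        }
    }
}

function Set-SchannelProtocol {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$Protocol,   # key name under Protocols, e.g. 'TLS 1.0'
        [Parameter(Mandatory)][ValidateSet('Server', 'Client')][string]$Role,
        [Parameter(Mandatory)][bool]$Enable
    )
    $key = Join-Path $SchannelRoot "$Protocol\$Role"
    # Disable: Enabled = 0, DisabledByDefault = 1. Enable: the reverse (assumed).
    $enabledValue  = if ($Enable) { 1 } else { 0 }
    $disabledValue = if ($Enable) { 0 } else { 1 }
    if ($PSCmdlet.ShouldProcess($key, "Enabled=$enabledValue, DisabledByDefault=$disabledValue")) {
        # Create the key only when it is missing, so existing values are not discarded.
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        New-ItemProperty -Path $key -Name 'Enabled' -Value $enabledValue -PropertyType DWord -Force | Out-Null
        New-ItemProperty -Path $key -Name 'DisabledByDefault' -Value $disabledValue -PropertyType DWord -Force | Out-Null
    }
}

Get-SchannelProtocolState | Format-Table -AutoSize    # record the state before the change
Set-SchannelProtocol -Protocol 'TLS 1.0' -Role Server -Enable $false -WhatIf   # preview only
Set-SchannelProtocol -Protocol 'TLS 1.0' -Role Server -Enable $false
Get-SchannelProtocolState | Format-Table -AutoSize    # confirm, then restart the server
```
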
Comments
Thanks Justin,
But we know how to do this,
But "can" we eliminate TLS 1.1 with SA SSO without affecting our end clients?
Ron