To force TLS 1.2 on a system, you need to make the following registry changes. If you don't want to make those changes manually, the free tool IIS Crypto can do it for you.
Registry Changes:
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server
Under these keys, create the DWORD values DisabledByDefault with value 0 and Enabled with value 1, which means that TLS 1.2 is enabled by default.
You also need to set DisabledByDefault to 1 and Enabled to 0 for the following registry entries:
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Client
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server
If you are doing it through IIS Crypto, select only TLS 1.2 in server and client protocols.
Now you need to make sure that the default communication is set to TLS 1.2 for any .NET managed application.
Set the following registry values for that.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v2.0.50727]
"SystemDefaultTlsVersions" = dword:00000001
"SchUseStrongCrypto" = dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]
"SystemDefaultTlsVersions" = dword:00000001
"SchUseStrongCrypto" = dword:00000001
For 64 bit,
[HKLM\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v2.0.50727]
"SystemDefaultTlsVersions" = dword:00000001
"SchUseStrongCrypto" = dword:00000001
[HKLM\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319]
"SystemDefaultTlsVersions" = dword:00000001
"SchUseStrongCrypto" = dword:00000001
You can also run the following commands at an elevated command prompt to add the SchUseStrongCrypto value.
reg add HKLM\SOFTWARE\Microsoft\.NETFramework\v4.0.30319 /v SchUseStrongCrypto /t REG_DWORD /d 1 /reg:32
reg add HKLM\SOFTWARE\Microsoft\.NETFramework\v4.0.30319 /v SchUseStrongCrypto /t REG_DWORD /d 1 /reg:64
Reboot the computer once done. And you are all set.
* .NET Framework applications built with 4.6.2+ use TLS 1.2 by default for communication, but others don't, so you need to explicitly tell the .NET Framework to use the system default TLS version.
Please leave a comment if you encounter any issue.
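To confirm the result after the reboot, the following read-only PowerShell audit checks every registry value listed above and flags any that is missing or different. It is an added example, not part of the original post, and it assumes an elevated 64-bit PowerShell session.

```powershell
# Added example: read-only audit of the registry values listed in this post.
# Assumes an elevated 64-bit PowerShell session; nothing is written.
$schannel = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
$dotnet   = 'HKLM:\SOFTWARE\Microsoft\.NETFramework',
            'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework'

# Expected state per the post: only TLS 1.2 enabled, for both Client and Server.
$expected = @()
foreach ($proto in 'SSL 3.0', 'TLS 1.0', 'TLS 1.1', 'TLS 1.2') {
    $on = [int]($proto -eq 'TLS 1.2')
    foreach ($role in 'Client', 'Server') {
        $key = "$schannel\$proto\$role"
        $expected += [pscustomobject]@{ Key = $key; Name = 'Enabled';           Want = $on }
        $expected += [pscustomobject]@{ Key = $key; Name = 'DisabledByDefault'; Want = 1 - $on }
    }
}
foreach ($root in $dotnet) {
    foreach ($ver in 'v2.0.50727', 'v4.0.30319') {
        foreach ($name in 'SystemDefaultTlsVersions', 'SchUseStrongCrypto') {
            $expected += [pscustomobject]@{ Key = "$root\$ver"; Name = $name; Want = 1 }
        }
    }
}

$report = foreach ($e in $expected) {
    # A missing key or value yields $null; report it instead of throwing.
    $item = Get-ItemProperty -Path $e.Key -Name $e.Name -ErrorAction SilentlyContinue
    $have = if ($null -ne $item) { $item.($e.Name) } else { $null }
    # Compare as on/off: any nonzero DWORD counts as set (some tools write 0xFFFFFFFF).
    $ok = ($null -ne $have) -and (([bool]$have) -eq ([bool]$e.Want))
    [pscustomobject]@{
        Key    = $e.Key
        Value  = $e.Name
        Want   = $e.Want
        Have   = if ($null -eq $have) { '(not set)' } else { $have }
        Status = if ($ok) { 'OK' } else { 'MISMATCH' }
    }
}

$report | Format-Table -AutoSize -Wrap
$bad = @($report | Where-Object Status -eq 'MISMATCH').Count
if ($bad) { Write-Warning "$bad value(s) differ from the settings described above." }
```

A "(not set)" entry under a disabled protocol means the key was never created, so that protocol still follows the operating system default rather than being explicitly turned off.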
Ref:
https://thedynamicsexplorer.com/2019/11/06/dynamics-gp-error-msg-a-fatal-error-occurred-while-creating-an-ssl-client-credential-the-internal-error-state-is-10013-with-the-web-client/
https://docs.microsoft.com/en-us/configmgr/core/plan-design/security/enable-tls-1-2-client
I ran into this issue when one of our reports on the SQL report server wasn't able to call an API which only supported TLS 1.2.