TLS 1.2 sometimes causes challenges; more precisely, disabling TLS 1.0 is the real challenge.

Here is some of what I have dug up over the last couple of weeks.

PowerShell

 

# EITHER: Enable all current TLS variants:

[System.Net.ServicePointManager]::SecurityProtocol = 'Tls,Tls11,Tls12'

# OR: Enforce TLS 1.2 only and also check Certificate Revocation Lists (CRLs):

[System.Net.ServicePointManager]::SecurityProtocol = 'Tls12'

[System.Net.ServicePointManager]::CheckCertificateRevocationList = $true

 

Url: http://davestechnology.blogspot.dk/2017/07/2012-r2-support-tls-12-but-defaults-to.html

 

WinHttp



HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp

DefaultSecureProtocols value   Protocol enabled
0x00000008                     Enable SSL 2.0 by default
0x00000020                     Enable SSL 3.0 by default
0x00000080                     Enable TLS 1.0 by default
0x00000200                     Enable TLS 1.1 by default
0x00000800                     Enable TLS 1.2 by default

url: https://support.microsoft.com/en-us/help/3140245/update-to-enable-tls-1-1-and-tls-1-2-as-a-default-secure-protocols-in
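
Added example (not from the original post or from Microsoft): a PowerShell script that decodes a DefaultSecureProtocols DWORD with the flag table above and reads the value from both WinHttp registry keys, so legacy protocols that are still enabled by default stand out. The helper name ConvertFrom-DefaultSecureProtocols and the two sample values are assumptions made for illustration.

```powershell
# Flag values taken from the DefaultSecureProtocols table above.
$ProtocolFlags = [ordered]@{
    'SSL 2.0' = 0x00000008
    'SSL 3.0' = 0x00000020
    'TLS 1.0' = 0x00000080
    'TLS 1.1' = 0x00000200
    'TLS 1.2' = 0x00000800
}
# Protocols to report separately when they are still enabled.
$Legacy = 'SSL 2.0', 'SSL 3.0', 'TLS 1.0'

# Hypothetical helper name: turns the DWORD bitmask into protocol names.
function ConvertFrom-DefaultSecureProtocols {
    param([Parameter(Mandatory)][int]$Value)
    $enabled = @($ProtocolFlags.Keys | Where-Object { $Value -band $ProtocolFlags[$_] })
    [pscustomobject]@{
        Value   = '0x{0:X8}' -f $Value
        Enabled = $enabled -join ', '
        Legacy  = @($enabled | Where-Object { $_ -in $Legacy }) -join ', '
    }
}

# Constructed sample values: TLS 1.1 + TLS 1.2, and TLS 1.0 + TLS 1.1 + TLS 1.2.
0x00000A00, 0x00000A80 | ForEach-Object { ConvertFrom-DefaultSecureProtocols -Value $_ }

# Read the value from both registry views (native and Wow6432Node) listed above.
$paths = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp',
         'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp'
foreach ($path in $paths) {
    $item = Get-ItemProperty -Path $path -Name DefaultSecureProtocols -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        Write-Output "$path : DefaultSecureProtocols is not set"
    } else {
        ConvertFrom-DefaultSecureProtocols -Value $item.DefaultSecureProtocols |
            Add-Member -NotePropertyName Path -NotePropertyValue $path -PassThru
    }
}
```

An empty Legacy column means none of SSL 2.0, SSL 3.0 or TLS 1.0 is enabled by default for WinHTTP in that registry view.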

 

Prioritizing cipher suites
URL: https://msdn.microsoft.com/en-us/library/windows/desktop/mt767780(v=vs.85).aspx and https://msdn.microsoft.com/en-us/library/windows/desktop/aa374757(v=vs.85).aspx

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002
https://blogs.technet.microsoft.com/askds/2015/12/08/speaking-in-ciphers-and-other-enigmatic-tonguesupdate/