TLS 1.2 Support

Problem

Some components of RED Identity Management cannot automatically use TLS 1.2.

RED Identity Management, through version 5.5.2.2, does not automatically enable support for TLS 1.2. Moreover, the Microsoft .NET Framework does not automatically enable support for TLS versions higher than 1.0.

Cause

Microsoft's .NET 4.5, 4.5.1, and 4.5.2 do not enable TLS 1.1 and TLS 1.2 by default. 

Any RED Identity Management components based on the Microsoft .NET Framework will fail to connect to anything requiring the use of TLS 1.2.

Note: Microsoft SQL Native Client v11 is not a RED Identity Management Component. This product DOES automatically enable support for TLS 1.2 to the backend data store. If the program data store is configured to use TLS 1.2, you must use the Microsoft SQL Native Client v11.

Upgrading to the latest version of the Microsoft .NET Framework does not help.

Integrations Affected

  • Lieberman PowerShell components communicating with a web service URI where the web service host requires TLS 1.2.
  • Sales Force Management: As of October 21, 2017, Salesforce has disabled the use of TLS 1.0: https://help.salesforce.com/articleView?id=000221207&type=1.
  • Other cloud services mandating the use of TLS 1.2.

Resolution

This will be resolved in code in future releases of RED Identity Management.

  1. Upgrade to a recent version of RED Identity Management, specifically version 5.5.2.0 or later.
  2. Enable TLS 1.2 by setting the following values in the registry of your host system(s):

CAUTION: Improper modification of the registry can cause system instability!

  • Navigate to: "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319"
  • Create a new DWORD value named SchUseStrongCrypto and set it to 1
  • Navigate to: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319"
  • Create a new DWORD value named SchUseStrongCrypto and set it to 1
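
The two registry changes above can also be applied and verified from an elevated PowerShell prompt. The script below is an added example, not code from the product or its vendor; the function names Get-StrongCryptoState and Set-StrongCrypto are illustrative.

```powershell
# Added example: report and set SchUseStrongCrypto for 64-bit and 32-bit .NET 4.x.
# Run from an elevated PowerShell prompt on each host system.
$paths = @(
    'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319'
)
$name = 'SchUseStrongCrypto'

# Hypothetical helper: returns one object per key with the current value.
function Get-StrongCryptoState {
    param([string[]]$Path)
    foreach ($p in $Path) {
        $exists = Test-Path -LiteralPath $p
        $value  = $null
        if ($exists) {
            $prop = Get-ItemProperty -LiteralPath $p -Name $name -ErrorAction SilentlyContinue
            if ($prop) { $value = $prop.$name }
        }
        [pscustomobject]@{
            Path    = $p
            Exists  = $exists
            Value   = $value
            Enabled = ($value -eq 1)
        }
    }
}

# Hypothetical helper: writes the DWORD only where the key already exists.
function Set-StrongCrypto {
    param([string[]]$Path)
    foreach ($p in $Path) {
        if (-not (Test-Path -LiteralPath $p)) {
            # Wow6432Node is absent on 32-bit Windows; skip instead of creating the key.
            Write-Warning "Skipping missing key: $p"
            continue
        }
        New-ItemProperty -LiteralPath $p -Name $name -PropertyType DWord -Value 1 -Force | Out-Null
    }
}

'Before:'
Get-StrongCryptoState -Path $paths | Format-Table -AutoSize
Set-StrongCrypto -Path $paths
'After:'
Get-StrongCryptoState -Path $paths | Format-Table -AutoSize
```

Both rows should show Enabled = True in the "After" table. Restart the affected .NET-based services afterwards, since a running process reads the value only at startup.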

 
