Enabling Strong TLS for .NET


This article applies to:

  • Trustwave SEG Service Provider Edition
  • Systems with TLS 1.0 disabled

Question:

  • How do I enable use of TLS 1.1 and 1.2 by .NET components in SPE?
  • How do I fix TLS-related errors when connecting from SPE to the SEG Array Manager?

Procedure:

To allow use of "Strong" TLS (1.1 and 1.2) by .NET, you must enable both system settings and .NET-specific settings on affected systems, specifically the Marshal Interface Agent server.

This article covers the .NET-specific settings.

Update the following registry entries (see also the attached PowerShell script):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v2.0.50727]
"SystemDefaultTlsVersions" = dword:00000001
"SchUseStrongCrypto" = dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]
"SystemDefaultTlsVersions" = dword:00000001
"SchUseStrongCrypto" = dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v2.0.50727]
"SystemDefaultTlsVersions" = dword:00000001
"SchUseStrongCrypto" = dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319]
"SystemDefaultTlsVersions" = dword:00000001
"SchUseStrongCrypto" = dword:00000001

Notes:

  • The SchUseStrongCrypto setting allows .NET to use TLS 1.1 and TLS 1.2. 
  • The SystemDefaultTlsVersions setting allows .NET to use the OS configuration.
  • For further information see Microsoft documentation.
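
The following PowerShell is an added example, not the script attached to this article: it audits the eight registry values listed above and, when run with the hypothetical `-Apply` switch, sets any that are missing or not 1. It assumes an elevated 64-bit PowerShell session, so that the native and Wow6432Node keys are not redirected.

```powershell
# Added example: audit (and optionally set) the .NET strong-TLS registry values.
# -Apply is a parameter of this example script; without it nothing is written.
param([switch]$Apply)

# The four .NET Framework keys from the procedure above (64-bit and 32-bit views).
$keys = @(
    'HKLM:\SOFTWARE\Microsoft\.NETFramework\v2.0.50727',
    'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v2.0.50727',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319'
)
$names = 'SystemDefaultTlsVersions', 'SchUseStrongCrypto'

$report = foreach ($key in $keys) {
    foreach ($name in $names) {
        # Read the current value; $null means the key or the value is absent.
        $current = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name

        if ($Apply -and $current -ne 1) {
            # Create the key if needed, then write the DWORD value 1.
            if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
            New-ItemProperty -Path $key -Name $name -Value 1 -PropertyType DWord -Force | Out-Null
            $current = (Get-ItemProperty -Path $key -Name $name).$name
        }

        [pscustomobject]@{
            Key       = $key
            Name      = $name
            Value     = if ($null -eq $current) { '<not set>' } else { $current }
            Compliant = ($current -eq 1)
        }
    }
}

$report | Format-Table -AutoSize

# Non-zero exit code lets a scheduled task or monitoring job flag the host.
if ($report.Compliant -contains $false) {
    Write-Warning 'One or more .NET TLS registry values are missing or not set to 1.'
    exit 1
}
```

.NET processes read these values when they start, so restart the affected services after applying the change.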


Last Modified 12/22/2020.
https://support.trustwave.com/kb/KnowledgebaseArticle21159.aspx