How to enable TLS 1.2

Question

0.00/5 (No votes)

See more:

As per this article to enable TSL1.2 we need to update "SecureProtocol" key in below to registry locations with other registry keys.

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings

The challenge here is, we need to update this keys in all the clients machines with an installer. I tried to update this to keys while installer is installing but the installer can only access Local Machine Internet setting key. It could not access Current User internet settings key because installer is running under System context.

The installer is set to run in Deferred Execution under System Context to install for all the clients who does not have admin privileges. I can't change installer configuration now.

My question is Setting "Secure Protocol" value under local machine internet settings is not enough to enable TLS1.2?

Is it mandatory to set "Secure Protocol" value under Current User internet settings as well?

thanks in advance.

What I have tried:

I tried setting current User registry using SID while installer is installing but the installer is not finding currently logged in user SID.

Posted 17-May-18 21:08pm

naveen_g

Updated 18-May-18 7:04am

Add a Solution

Comments

MadMyche 23-May-18 17:13pm

What flavor of Windows and .Net Framework? Win versions 5.2 and lower will not support anything over TLS 1.0

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Gerry Schmitz · Answer 1 · 2018-05-18T07:05:00

I set "Secure Protocol" in the app as required:

   ServicePointManager.ServerCertificateValidationCallback += ValidateCertificate;

   ServicePointManager.SecurityProtocol =
      SecurityProtocolType.Tls |
      SecurityProtocolType.Tls11 |
      SecurityProtocolType.Tls12 |
      SecurityProtocolType.Ssl3;

   try {
      // Related process.

   } finally {
      ServicePointManager.ServerCertificateValidationCallback -= ValidateCertificate;
   }

//
private static bool ValidateCertificate(
   Object sender, X509Certificate cert, X509Chain chain,
   SslPolicyErrors Errors ) {

   return true;
}