none
Upgrade of TLS 1.2 RRS feed

  • Question

  • Hello All,

                  We have MVC.NET application based on .net framwork 3.5 being hosted from Windows 2008 R2 SP1 web server. Now we want to upgrade TLS to 1.2 . I tried the options of adding the keys in Registry TLS 1.2 explicitly and enabling and also explicitly disabling the TLS 1.0 and TLS 1.1. I have also tried adding the key SchUseStrongCrypto for all the framweworks at two places HKLM\SOFTWARE\Microsoft\.NetFramework and HKLM\SOFTWARE\Wow6432Node\Microsoft\.NetFramework but still i can see in wireshark logs the communication between netscaler and webserver happens on TLS 1.0. Can some one give me the detailed steps of upgrading the TLS 1.2 ? Do i need to do any code change in my application ? I have seen lots of msdn blogs but none of them helped.

    Thanks,

    Prathima 

    Wednesday, March 14, 2018 5:15 AM

All replies

  • Hi Prathima,

    thanks for posting here.

    >>Upgrade of TLS 1.2

    What's your Windows version?

    The Microsoft has added a feature for .Net 3.5 allowing applications to optionally use system-default SSL and TLS versions, including TLS 1.2. To use this feature, you should first install a patch that is specific to each version of Windows, as described in the KB articles below, and then modify the registry as described in each KB article.

    KB3154518    Reliability Rollup HR-1605 - NDP 2.0 SP2 - Win7 SP1/Win 2008 R2 SP1

    KB3154519    Reliability Rollup HR-1605 - NDP 2.0 SP2 - Win8 RTM/Win 2012 RTM

    KB3154520    Reliability Rollup HR-1605 - NDP 2.0 SP2 - Win8.1RTM/Win 2012 R2 RTM

    KB3156421    1605 HotFix Rollup through Windows Update for Windows 10.

    Hope this could be help of you.

    Best Regards,

    Baron Bi


    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    Wednesday, March 14, 2018 7:43 AM
  • Thanks Baron for your reply. It is bit confusing though is really the patching is required ? I did see the this link earlier before i posted i didnot really understand what the registry entry defaulttlsversions would do ? And also the OS matrix in the link shows that TLS 1.1 and TLS 1.2 are off on windows 2008 R2 SP1 i.e. even after the patching ? Do we need to have to turn the TLS by adding in the Security Providers registry ?

    Thanks,

    Prathima

     
    Thursday, March 15, 2018 1:16 AM
  • Hi Parathima,

    >>It is bit confusing though is really the patching is required ?

    As far as I know, on the earlier time, TLS 1.2 is not supported by .net framework 3.5. TLS 1.2 could only be supported by 4.5.

    Support Scope from 3.5:

    http://msdn.microsoft.com/en-us/library/system.security.authentication.sslprotocols(v=vs.90).aspx

    That's why you need the KB file.

    Hope this could be help of you.

    Best Regards,

    Baron Bi


    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    • Proposed as answer by Baron Bi Saturday, March 17, 2018 2:17 AM
    Thursday, March 15, 2018 2:00 AM
  • Hi Baron,

     I tried installing the patch on the server it says the patch is not applicable. Dont know why .

    Thanks.

    Prathima

    Monday, March 19, 2018 5:07 AM
  • >>I tried installing the patch on the server it says the patch is not applicable. Dont know why .

    I'm not quite familiar with this. You could try on this forum below.

    https://answers.microsoft.com/

    If you have any other concerns with c++ codes, I will be glad to help you.

    Your understanding and cooperation will be grateful.

    Best Regards,

    Baron Bi


    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    Monday, March 19, 2018 7:58 AM