TLS 1.2 on Server - Sharepoint Designer inoperable

Question

We had to put TLS 1.2 on our servers to be compliant with corporate security requirements.  As a byproduct, we now cannot get into SharePoint Designer as it requires TLS 1.0 to handle internal communications.  Can anyone explain my options?  Do I need to upgrade from SP 2010 to SP2013 or SP2016.  I am using the foundation version of SP that was installed when we installed SQL Server.  My hosting partner is less than helpful so I really want to be able to say, here is what needs to be done.

Thanks in advance for any help.

---

Tim Vavra

Answer 1

SharePoint Server 2010 and 2013 require SSL 3.0 or TLS 1.0. You must enable TLS 1.0. SharePoint 2010/2013 are coded against SSL 3.0 and TLS 1.0 support. Microsoft will not be updating those codebases to support TLS 1.1 or TLS 1.2. SharePoint 2016 will support TLS 1.1 and 1.2. You must re-enable TLS 1.0 support.

---

Trevor Seward

        

This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

Answer 2

Hi Trevor,

As per my understanding, SharePoint 2010 and 2013 requires TLS 1.0 for internal communication and SSL 3.0 can be disabled.

How about the communication between client and SharePoint server for rendering sites? It can be on TLS 1.1 and 1.2? If yes, do we need to make any changes in SharePoint server like registry changes mentioned here

https://technet.microsoft.com/en-in/library/dn786418.aspx#BKMK_SchannelTR_TLS11

Could you please suggest?

BR, Sarath

Answer 3

You cannot make any changes on the server via the registry (except disabling SSL 3.0 and earlier) as that will also disable server-to-server communication over those protocols.

You can enforce TLS 1.1 or 1.2 on the client via IE group policy.

---

Trevor Seward

        

This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

Answer 4

Thanks Trevor!

It means client machines can connect to SharePoint sites over TLS 1.1 and TLS 1.2 protocol with these options enabled in IE settings.

As mentioned in my article, I'm seeing some challenges for my SP2013 environment for TLS connections:

https://social.technet.microsoft.com/Forums/en-US/c84e1c7e-1d77-4120-8ac4-79c5d0251a5a/unable-to-access-sharepoint-sites-after-security-update-kb3081320?forum=sharepointgeneral

BR, Sarath

Answer 5

Until recently it was impossible to have SharePoint 2010 to work with TLS 1.2 because of lack of support in .NET 3.5. Now a patch made it possible. See instructions here: https://blogs.msdn.microsoft.com/rodneyviana/2016/06/28/the-unofficial-guide-for-sharepoint-2013-and-2010-working-with-tls-1-2-only/

Answer 6

Thanks for the update, Rodney. Troy Starr did confirm that this was available a month or so ago, but at the time there was no official word on support for SharePoint 2010/2013.

---

Trevor Seward

This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.