Relevant Product: Exclaimer Cloud - Signatures for Office 365 | Signature Manager Exchange Edition | Signature Manager Outlook Edition | Mail Archiver
Scenario
In order for Exclaimer products to utilise the most up-to-date security protocols, it is necessary for the computer's Transport Layer Security (TLS) protocols to be configured manually.
Resolution
This article recommends that all of the following steps be completed:
- Ensure Windows is up-to-date
- Enable TLS 1.2
- Disable TLS 1.0 and 1.1
- Configure .NET Security Settings
Warning: Windows Registry modifications should always be approached with extreme care - serious problems can occur if you modify the Windows registry incorrectly!
We strongly advise you to back up the Windows registry before any modifications are made - in doing so you will have the option to restore the backup if a problem occurs.
For more information, see How to back up and restore the registry in Windows.
Ensure Windows is up-to-date
The best practices in this article depend on recent security updates being installed.
Please ensure that all Windows updates have been installed.
Enable TLS 1.2
- From Notepad.exe, create a text file and name it TLS12-Enable.reg.
- Copy then paste the following text:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001 - Save the TLS12-Enable.reg file.
- Double-click the TLS12-Enable.reg file.
- Click Yes to update your Windows Registry with these changes.
- Restart your computer for the change to take effect.*
Disable TLS 1.0 and 1.1
- From Notepad.exe, create a text file and name it TLS1011-Disable.reg
- Copy then paste the following text:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client]
"DisabledByDefault"=dword:00000001
"Enabled"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server]
"DisabledByDefault"=dword:00000001
"Enabled"=dword:00000000[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client]
"DisabledByDefault"=dword:00000001
"Enabled"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server]
"DisabledByDefault"=dword:00000001
"Enabled"=dword:00000000 - Save the TLS1011-Disable.reg file.
- Double-click the TLS1011-Disable.reg file.
- Click Yes to update your Windows Registry with these changes.
- Restart your computer for the change to take effect.*
Configure .NET Security Settings
- From Notepad.exe, create a text file and name it NET-UseSchannelDefaults.reg
- Copy then paste the following text:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v2.0.50727]
"SystemDefaultTlsVersions"=dword:00000001[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319]
"SystemDefaultTlsVersions"=dword:00000001[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v2.0.50727]
"SystemDefaultTlsVersions"=dword:00000001[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]
"SystemDefaultTlsVersions"=dword:00000001 - Save the NET-UseSchannelDefaults.reg file.
- Double-click the NET-UseSchannelDefaults.reg file.
- Click Yes to update your Windows Registry with these changes.
- Restart your computer for the change to take effect.*