Scenario
For Exclaimer products to utilize the most up-to-date security protocols, it is necessary for the computer's Transport Layer Security (TLS) protocols to be configured manually.
Resolution
We strongly advise you to back up the Windows registry before any modifications are made - in doing so, you will have the option to restore the backup if a problem occurs.
For more information, see How to back up and restore the registry in Windows.
Here we recommend the steps that need to be completed - please click on the required options listed below to go through the detailed description:
The best practices in this article depend on recent security updates being installed.
Please ensure that all Windows updates have been installed.
For more information, see Exchange Server TLS guidance, part 1: Getting Ready for TLS 1.2
- From Notepad.exe, create a text file and name it TLS12-Enable.reg.
- Copy then paste the following text:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001 - Save the TLS12-Enable.reg file.
- Double-click the TLS12-Enable.reg file.
- Click Yes to update your Windows Registry with these changes.
- From Notepad.exe, create a text file and name it TLS1011-Disable.reg
- Copy then paste the following text:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client]
"DisabledByDefault"=dword:00000001
"Enabled"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server]
"DisabledByDefault"=dword:00000001
"Enabled"=dword:00000000[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client]
"DisabledByDefault"=dword:00000001
"Enabled"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server]
"DisabledByDefault"=dword:00000001
"Enabled"=dword:00000000 - Save the TLS1011-Disable.reg file.
- Double-click the TLS1011-Disable.reg file.
- Click Yes to update your Windows Registry with these changes.
- From Notepad.exe, create a text file and name it NET-UseSchannelDefaults.reg
- Copy then paste the following text:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v2.0.50727]
"SystemDefaultTlsVersions"=dword:00000001[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319]
"SystemDefaultTlsVersions"=dword:00000001[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v2.0.50727]
"SystemDefaultTlsVersions"=dword:00000001[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]
"SystemDefaultTlsVersions"=dword:00000001 - Save the NET-UseSchannelDefaults.reg file.
- Double-click the NET-UseSchannelDefaults.reg file.
- Click Yes to update your Windows Registry with these changes.
- Restart your computer for the change to take effect.