HIEPIC.COM : 1984-2024

June 2, 2020

[EXO] The client and server cannot communicate, because they do not possess a common algorithm

Windows Server 2008 can’t do beyond TLS 1.0.
Newer versions can, but don’t have TLS 1.1 or 1.2 turned on by default.
Best pratice to disable 1.0, 1.1 – mostly depreciated and not supported

Check supported protocols:

https://www.ssllabs.com/ssltest/index.html

Turn off TLS 1.0.1.1 and SSL

Windows Registry Editor Version 5.00
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Client]
“DisabledByDefault”=dword:00000001
“Enabled”=dword:00000000
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server]
“DisabledByDefault”=dword:00000001
“Enabled”=dword:00000000
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Client]
“DisabledByDefault”=dword:00000001
“Enabled”=dword:00000000
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server]
“DisabledByDefault”=dword:00000001
“Enabled”=dword:00000000
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client]
“DisabledByDefault”=dword:00000001
“Enabled”=dword:00000000
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server]
“DisabledByDefault”=dword:00000001
“Enabled”=dword:00000000
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client]
“DisabledByDefault”=dword:00000001
“Enabled”=dword:00000000
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server]
“DisabledByDefault”=dword:00000001
“Enabled”=dword:00000000

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Client]

“DisabledByDefault”=dword:00000001

“Enabled”=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server]

“DisabledByDefault”=dword:00000001

“Enabled”=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Client]

“DisabledByDefault”=dword:00000001

“Enabled”=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server]

“DisabledByDefault”=dword:00000001

“Enabled”=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client]

“DisabledByDefault”=dword:00000001

“Enabled”=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server]

“DisabledByDefault”=dword:00000001

“Enabled”=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client]

“DisabledByDefault”=dword:00000001

“Enabled”=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server]

“DisabledByDefault”=dword:00000001

“Enabled”=dword:00000000

Enabling TLS 1.2 Use

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319
REG_DWORD value of:  SchUseStrongCrypto with a value of 1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319
REG_DWORD value of:  SystemDefaultTLSVersions with a value of 1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v3.0
REG_DWORD value of:  SchUseStrongCrypto with a value of 1
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.5.23026
REG_DWORD value of:  SchUseStrongCrypto with a value of 1

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.5.1

REG_DWORD value of:  SchUseStrongCrypto with a value of 1
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319
REG_DWORD value of:  SchUseStrongCrypto with a value of 1

1

2

3

4

5

6

7

8

9

10

11

12

13

14

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319

REG_DWORD value of: SchUseStrongCrypto with a value of 1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319

REG_DWORD value of: SystemDefaultTLSVersions with a value of 1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v3.0

REG_DWORD value of: SchUseStrongCrypto with a value of 1

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.5.23026

REG_DWORD value of: SchUseStrongCrypto with a value of 1

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.5.1

REG_DWORD value of: SchUseStrongCrypto with a value of 1

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319

REG_DWORD value of: SchUseStrongCrypto with a value of 1

epic

Contributer and Author Enterprise Communications Engineer Hi Epic

theelau@gmail.com

testest test

0 0 votes

Article Rating

Subscribe

0 Comments

Oldest

Newest Most Voted

Inline Feedbacks

View all comments