Views:

TLS 1.0 and prior (SSL 2.0 and 3.0) are no longer supported by Microsoft and many companies are disabling those encryption protocols. You will need to make sure the proper TLS 1.1 and 1.2 settings are set to ensure that METTTEAM works correctly.

Necessary Patches

SQL Server

To figure out the appropriate patch, you will need to run the following script in SQL on the master database to find out the exact version of SQL that you have:

  • select @@version

For SQL Server 2008 R2: Install Service Pack 3 if not already installed. Then install KB4057113

For SQL Server 2012: Install Service Pack 4.

For SQL Server 2014: Install Service Pack 2 or Service Pack 3.

Client Side

SQL Server Native Client for SQL 2008 R2: Native Client

SQL Server Native Client for SQL 2012: Native Client

.NET 3.5

For Windows 7 SP1 and Server 2008 R2 SP1: .NET Framework 3.5.1

Windows 8 RTM and Server 2012 RTM: .NET Framework 3.5

Windows 8.1 and Server 2012 R2 SP1: .NET Framework 3.5 SP1

Registry Changes

1) Modify the WinHttp for Secure.

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp

"DefaultSecureProtocols"=dword:0x00000800

 

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp

"DefaultSecureProtocols"=dword:0x00000800

 

     2)  Additionally the TLS 1.1 and TLS 1.2 are disabled by default unless you specifically turn them one.

 

So need to update the default (Add to the registry) these keys.

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client

"DisabledByDefault"=dword:00000000

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server

"DisabledByDefault"=dword:00000000

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client

"DisabledByDefault"=dword:00000000

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server

"DisabledByDefault"=dword:00000000

 

 3) AFTER you do the above then you will need to disable TLS 1.0 by setting this to zero (0000000)

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server

"Enabled"=dword:00000000

 

4) Enable .NET to use Strong encryption.

 

For 32-bit applications on 32-bit systems or 64-bit applications on 64-bit systems), update the following subkey value:

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\<version>

“SchUseStrongCrypto” = (DWORD): 00000001

 

For 32-bit applications on 64-bit systems), update the following subkey value:  (this is what Editor uses)

 

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\<version>

“SchUseStrongCrypto” = (DWORD): 00000001

 

NOTE 1:  Do this for each version of .NET Framework that's older than 4.6.2 and is currently used in your environment.

NOTE 2: Editor only seems to require v4.0.30319 on every system I have been able to test independently.