Agent SSL/TLS Issues & .Net Framework v4

As of Sep 2017, ShoreTel has been acquired by Mitel; the product titles and images used in this article may not accurately reflect the official product titles post-acquisition. This includes subjects contained in the imagery of brightmetrics' user interface.

 

If your organization is disabling TLS 1.0 due to security policy requirements, you will also need to enable TLS 1.2 for applications targeting the .Net Framework v4.0 runtime.  By default, applications such as the Brightmetrics agent service that target the .Net Framework v4.0 runtime will only request SSL3 and TLS 1.0, even if you have .Net Framework 4.6.1 or higher, which supports TLS 1.2, installed on the operating system.  The issue is explained in detail here: https://support.microsoft.com/en-us/help/3155464/ms16-065-description-of-the-tls-ssl-protocol-information-disclosure-vu

As described in that article, Microsoft has introduced a registry key that can be set to enable all .Net Framework v4.0 and higher applications to request TLS 1.2.

First, ensure that .Net Framework 4.6.1 or higher is installed on your operating system.  Checking for updates via Windows Update will let you know if there are any updates to the .Net Framework to install.

Alternatively, you can check in the registry to see what version(s) of the .Net Framework are installed.  For details you can refer to this Microsoft article: https://docs.microsoft.com/en-us/dotnet/framework/migration-guide/how-to-determine-which-versions-are-installed.  The short version is: check the registry key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full" and look at the "Version" value.

Next, add a DWORD value named "SchUseStrongCrypto" under the registry key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319" and give it a value of "1".  On 64-bit operating systems, also set the same value under "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319".  For details, refer to this Microsoft article: https://docs.microsoft.com/en-us/security-updates/securityadvisories/2015/2960358#suggested-actions.  It should look like this:

We have prepared a registry file, as documented in the Microsoft article referenced above, that can be imported to set these two registry values. You can download the registry file and double-click to import it:

strongcrypto4-enable.reg

Finally, the computer must be rebooted after the registry key values are set for the changes to take effect.

If you have any other questions regarding this or anything within Brightmetrics' Mitel (ShoreTel) Reporting and Data Analytics Services, please email us at support@brightmetrics.com

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

Comments

0 comments

Please sign in to leave a comment.