Views:

To enable TLS 1.2 only environment in TMCM server or managed products that are registered to TMCM, do the following:

Before setting up, ensure that your OS supports TLS 1.2. Below is a list of OS that can support TLS 1.2:

  • Windows Server 2008 R2 SP1
  • Windows Server 2012
  • Windows Server 2012 R2
  • Windows Server 2016

To set up TLS 1.2 only environment, make sure to install the following updates first.

  • Windows Server 2008 R2 SP1 - KB2973337
    If you already installed the accumulated update last 10/11/2016, this update is unavailable, and there is no need this update anymore.
  • Windows Server 2012 - KB2975331
  • Windows Server 2012 R2 - KB3000850
  • Windows 2016 - No required KB update.

To set up TLS 1.2 only environment, make sure that the following hotfixes are installed on your SQL Server first.

 
If your SQL Server is a special version (RTM, GDR etc.), refer to the Microsoft Support page to find your required hot fix.

 
Always back up the whole registry before making any modifications. Incorrect changes to the registry can cause serious system problems.
  1. Click Start > Run, enter "regedit" and click OK. This will open the Registry Editor.
  2. Navigate to HKey_Local_Machine\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols.
  3. Under this registry key, the following keys should be present:
    • Multi-Protocol Unified Hello
    • PCT 1.0
    • SSL 2.0
    • SSL 3.0
    • TLS 1.0
    • TLS 1.1
    • TLS 1.2

    TLS Protocols

     
    If one or more registry keys are missing, add them manually.
  4. For each of the registry keys under Protocols, ensure that keys below are present:
    • Client
    • Server

     
    If one or both keys are not present, add them manually.
  5. Under the Client and Server keys, respectively, ensure that the DWORDs below are present:
    • DisabledByDefault
      Value should be 0 if it is under TLS 1.2, otherwise the value should be 1.
    • Enabled
      Value should be 1 if it is under TLS 1.2, otherwise the value should be 0.

    TLS 1.2 - Client

    TLS 1.2 - Server

    SSL 2.0 - Client

    SSL 2.0 - Server

     
    If one or both are not present, add them manually.
  6. Once completed, restart machine to apply the changes.

The following table shows the managed products that support communicating with TMCM 7.0 under pure TLS 1.2 environment.

Product NameVersion
OfficaScanXG SP1
Trend Micro Security for Mac3.0 P1
Deep Security9.6, 10.2
Deep Discovery Inspector5.0
Deep Discovery Analyzer6.0
Smart Protection Server3.3

To support the TLS only environment for managed products, you need to modify “SSL_Cipher_List=TLSv1” to “SSL_Cipher_List=TLSv1.2” under the Agent.ini file.

Keywords: TLS,tls 1.2 enviroment,enable tls 1.2,tls 1.2,