Setting up a TLS1.2 only environment in Control Manager (TMCM) 7.0

    • Updated: 7 Jun 2018
    • Product/Version: Control Manager 7.0
    • Platform: Windows 2008 Server R2, Windows 2012 Enterprise, Windows 2012 Standard R2, Windows 2016
Summary

TMCM 7.0 supports the Transport Layer Security (TLS) 1.2 protocol to provide stronger protection for your network communication. This article shows you how to set up a TLS 1.2 only environment.

Details

To enable a TLS 1.2 only environment on the TMCM server or on managed products that are registered to TMCM, do the following:

Before setting up, ensure that your OS supports TLS 1.2. The following operating systems support TLS 1.2:

  • Windows Server 2008 R2 SP1
  • Windows Server 2012
  • Windows Server 2012 R2
  • Windows Server 2016

To set up a TLS 1.2 only environment, make sure to install the following updates first.

  • Windows Server 2008 R2 SP1 - KB2973337
    If you already installed the accumulated update of 10/11/2016, this update is unavailable and is no longer needed.
  • Windows Server 2012 - KB2975331
  • Windows Server 2012 R2 - KB3000850
  • Windows 2016 - No required KB update.

To set up a TLS 1.2 only environment, make sure that the following hotfixes are installed on your SQL Server first.

If your SQL Server is a special version (RTM, GDR, etc.), refer to the Microsoft Support page to find your required hotfix.

Always back up the whole registry before making any modifications. Incorrect changes to the registry can cause serious system problems.
  1. Click Start > Run, enter "regedit" and click OK. This will open the Registry Editor.
  2. Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols.
  3. Under this registry key, the following keys should be present:
    • Multi-Protocol Unified Hello
    • PCT 1.0
    • SSL 2.0
    • SSL 3.0
    • TLS 1.0
    • TLS 1.1
    • TLS 1.2

    If one or more registry keys are missing, add them manually.
  4. For each of the registry keys under Protocols, ensure that the keys below are present:
    • Client
    • Server

     
    If one or both keys are not present, add them manually.
  5. Under the Client and Server keys, respectively, ensure that the DWORDs below are present:
    • DisabledByDefault
      Value should be 0 if it is under TLS 1.2, otherwise the value should be 1.
    • Enabled
      Value should be 1 if it is under TLS 1.2, otherwise the value should be 0.

    If one or both are not present, add them manually.
  6. Once completed, restart the machine to apply the changes.
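
Steps 2 to 5 can be checked or applied with a script. The PowerShell below is an added example, not Trend Micro's own code: it assumes an elevated session on the server, reports every value by default, and writes the values only when run with the -Apply switch (a parameter name chosen for this example).

```powershell
# Added example: audits (default) or, with -Apply, sets the SCHANNEL values
# from steps 2-5. Run elevated, and back up the registry first.
param([switch]$Apply)

$base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
$protocols = 'Multi-Protocol Unified Hello', 'PCT 1.0', 'SSL 2.0', 'SSL 3.0',
             'TLS 1.0', 'TLS 1.1', 'TLS 1.2'

$results = foreach ($proto in $protocols) {
    # Only TLS 1.2 is enabled; every other protocol is disabled.
    $isTls12 = $proto -eq 'TLS 1.2'
    $want = @{
        DisabledByDefault = [int](-not $isTls12)
        Enabled           = [int]$isTls12
    }
    foreach ($role in 'Client', 'Server') {
        $key = Join-Path (Join-Path $base $proto) $role
        if ($Apply) {
            # Create the key only when it is absent (steps 3 and 4);
            # -Force also creates any missing parent keys.
            if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
            foreach ($name in $want.Keys) {
                New-ItemProperty -Path $key -Name $name -Value $want[$name] `
                    -PropertyType DWord -Force | Out-Null
            }
        }
        foreach ($name in $want.Keys) {
            # A missing key or value reads back as $null and is reported.
            $actual = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
            $shown = if ($null -eq $actual) { 'missing' } else { $actual }
            New-Object PSObject -Property @{
                Protocol = $proto; Role = $role; Value = $name
                Expected = $want[$name]; Actual = $shown
                Ok = ($actual -eq $want[$name])
            }
        }
    }
}
$results | Format-Table Protocol, Role, Value, Expected, Actual, Ok -AutoSize
$bad = @($results | Where-Object { -not $_.Ok })
if ($bad.Count -gt 0) {
    Write-Warning "$($bad.Count) value(s) differ from a TLS 1.2 only setup."
} elseif ($Apply) {
    Write-Host 'Values set. Restart the machine to apply the changes.'
}
```

Running it again without -Apply after the restart confirms that all 28 values (7 protocols, Client and Server, 2 DWORDs each) match.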

The following table shows the managed products that support communicating with TMCM 7.0 in a pure TLS 1.2 environment.

Product Name                    Version
OfficeScan                      XG SP1
Trend Micro Security for Mac    3.0 P1
Deep Security                   9.6, 10.2
Deep Discovery Inspector        5.0
Deep Discovery Analyzer         6.0
Smart Protection Server         3.3

To support the TLS 1.2 only environment for managed products, change “SSL_Cipher_List=TLSv1” to “SSL_Cipher_List=TLSv1.2” in the Agent.ini file.

Category: Configure; SPEC
Solution Id: 1119000