TMCM 7.0 supports Transport Layer Security (TLS) 1.2 protocol to provide stronger protection for your network communication. This article shows you how to set up TLS 1.2 only environment.
To enable TLS 1.2 only environment in TMCM server or managed products that are registered to TMCM, do the following:
Before setting up, ensure that your OS supports TLS 1.2. Below is a list of OS that can support TLS 1.2:
- Windows Server 2008 R2 SP1
- Windows Server 2012
- Windows Server 2012 R2
- Windows Server 2016
To set up TLS 1.2 only environment, make sure to install the following updates first.
To set up TLS 1.2 only environment, make sure that the following hotfixes are installed on your SQL Server first.
- SQL Server 2008 SP4 - SQL Server 2008 SP4 TLS 1.2 Update
- SQL Server 2008 R2 SP3 - SQL Server 2008 R2 SP3 TLS 1.2 Update
- SQL Server 2012 SP2 - Cumulative Update 10 for SQL Server 2012 SP2
- SQL Server 2012 SP3 - Cumulative Update 1 for SQL Server 2012 SP3
- SQL Server 2014 SP1 - Cumulative Update 5 for SQL Server 2014 SP1
- SQL Server 2016 - No required hotfix
- Click Start > Run, enter "regedit" and click OK. This will open the Registry Editor.
- Navigate to HKey_Local_Machine\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols.
- Under this registry key, the following keys should be present:
If one or more registry keys are missing, add them manually.
- Multi-Protocol Unified Hello
- PCT 1.0
- SSL 2.0
- SSL 3.0
- TLS 1.0
- TLS 1.1
- TLS 1.2
- For each of the registry keys under Protocols, ensure that keys below are present:
If one or both keys are not present, add them manually.
- Under the Client and Server keys, respectively, ensure that the DWORDs below are present:
If one or both are not present, add them manually.
Value should be 0 if it is under TLS 1.2, otherwise the value should be 1.
Value should be 1 if it is under TLS 1.2, otherwise the value should be 0.
- Once completed, restart machine to apply the changes.
The following table shows the managed products that support communicating with TMCM 7.0 under pure TLS 1.2 environment.
|Trend Micro Security for Mac||3.0 P1|
|Deep Security||9.6, 10.2|
|Deep Discovery Inspector||5.0|
|Deep Discovery Analyzer||6.0|
|Smart Protection Server||3.3|
To support the TLS only environment for managed products, you need to modify “SSL_Cipher_List=TLSv1” to “SSL_Cipher_List=TLSv1_2” under the Agent.ini file.