Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Setting up a TLS1.2 only environment in Control Manager (TMCM) 7.0

    • Updated:
    • 11 Dec 2017
    • Product/Version:
    • Control Manager 7.0
    • Platform:
    • Windows 2008 Server R2
    • Windows 2012 Enterprise
    • Windows 2012 Standard R2
    • Windows 2016
Summary

TMCM 7.0 supports Transport Layer Security (TLS) 1.2 protocol to provide stronger protection for your network communication. This article shows you how to set up TLS 1.2 only environment.

Details
Public

To enable the TLS 1.2 only environment, do the steps below:

Before setting up, ensure that your OS supports TLS 1.2. Below is a list of OS that can support TLS 1.2:

  • Windows Server 2008 R2 SP1
  • Windows Server 2012
  • Windows Server 2012 R2
  • Windows Server 2016

To set up TLS 1.2 only environment, make sure to install the following updates first.

  • Windows Server 2008 R2 SP1 - KB2973337
    If you already installed the accumulated update last 10/11/2016, this update is unavailable, and there is no need this update anymore.
  • Windows Server 2012 - KB2975331
  • Windows Server 2012 R2 - KB3000850
  • Windows 2016 - No required KB update.

To set up TLS 1.2 only environment, make sure that the following hotfixes are installed on your SQL Server first.

 
If your SQL Server is a special version (RTM, GDR etc.), refer to the Microsoft Support page to find your required hot fix.
 
Always back up the whole registry before making any modifications. Incorrect changes to the registry can cause serious system problems.
  1. Click Start > Run, enter "regedit" and click OK. This will open the Registry Editor.
  2. Navigate to HKey_Local_Machine\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols.
  3. Under this registry key, the following keys should be present:
    • Multi-Protocol Unified Hello
    • PCT 1.0
    • SSL 2.0
    • SSL 3.0
    • TLS 1.0
    • TLS 1.1
    • TLS 1.2

    TLS Protocols

     
    If one or more registry keys are missing, add them manually.
  4. For each of the registry keys under Protocols, ensure that keys below are present:
    • Client
    • Server

     
    If one or both keys are not present, add them manually.
  5. Under the Client and Server keys, respectively, ensure that the DWORDs below are present:
    • DisabledByDefault
      Value should be 0 if it is under TLS 1.2, otherwise the value should be 1.
    • Enabled
      Value should be 1 if it is under TLS 1.2, otherwise the value should be 0.

    TLS 1.2 - Client

    TLS 1.2 - Server

    SSL 2.0 - Client

    SSL 2.0 - Server

     
    If one or both are not present, add them manually.
  6. Once completed, restart machine to apply the changes.
Premium
Internal
Rating:
Category:
Configure; SPEC
Solution Id:
1119000
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support


To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.