Security Errors when TLS 1.0 is disabled

Posted: Tue Sep 22, 2020 9:17 am
by joe.mag
For security reasons we've been instructed by our infosec group to turn off TLS 1.0 on our SoftPro server. When I do so (i.e. set registry key HKLM\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server DWORD w/ name Enabled and value of 0x0), I start getting security errors when users try to log into Select. Select acts like it's going to log in (e.g. for a user account w/ no default profile, I'll see the profile selection prompt) but then you get a security error. The Select logs (i.e. run client w/ logging) show an error "token provider cannot get tokens." The Windows System event log shows the error "A fatal error occurred while creating an SSL server credential. The internal error is 10013." for source of Schannel event ID 36871.

Re-enabling TLS 1.0 fixes the problem. No reboot needed, it just starts working.

Is TLS 1.0 a requirement or can Select Server be reconfigured to work w/ TLS 1.2?
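
A read-only PowerShell check for the situation described in the post above: it reports the Schannel protocol registry settings and lists recent Schannel event 36871 entries from the System log. This is an added example, not part of the original thread or any SoftPro tooling; the seven-day window, the TLS 1.1/1.2 and Client subkeys, and the `DisabledByDefault` value are assumptions beyond what the post mentions.

```powershell
# Added example: audit Schannel protocol settings and recent 36871 errors.
# Read-only; run in an elevated PowerShell session on the server.
$base      = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
$protocols = 'TLS 1.0', 'TLS 1.1', 'TLS 1.2'   # TLS 1.1/1.2 added for comparison (assumption)
$roles     = 'Server', 'Client'                # the post only sets the Server subkey

$report = foreach ($p in $protocols) {
    foreach ($r in $roles) {
        $key   = Join-Path (Join-Path $base $p) $r
        # A missing key or value means the OS default applies for that protocol.
        $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Protocol          = $p
            Role              = $r
            KeyPresent        = [bool]$props
            Enabled           = if ($null -ne $props.Enabled) { $props.Enabled } else { '(not set)' }
            DisabledByDefault = if ($null -ne $props.DisabledByDefault) { $props.DisabledByDefault } else { '(not set)' }
        }
    }
}
$report | Format-Table -AutoSize

# Schannel event 36871 ("A fatal error occurred while creating an SSL server
# credential") from the last 7 days (window is an assumption).
$since  = (Get-Date).AddDays(-7)
$events = Get-WinEvent -FilterHashtable @{
    LogName      = 'System'
    ProviderName = 'Schannel'
    Id           = 36871
    StartTime    = $since
} -ErrorAction SilentlyContinue

if ($events) {
    # Count per hour to see whether errors line up with the time TLS 1.0 was disabled.
    $events |
        Group-Object { $_.TimeCreated.ToString('yyyy-MM-dd HH:00') } |
        Sort-Object Name |
        Select-Object @{ n = 'Hour'; e = { $_.Name } }, Count |
        Format-Table -AutoSize
    $events | Select-Object -First 5 TimeCreated, Message | Format-List
} else {
    Write-Output "No Schannel 36871 events since $since."
}
```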

Re: Security Errors when TLS 1.0 is disabled

Posted: Tue Sep 29, 2020 8:19 am
by joe.mag
My bad, forgot to include our version of Select: 4.2.41028.10

We can't upgrade due to issues w/ 4.3

Re: Security Errors when TLS 1.0 is disabled

Posted: Tue Sep 29, 2020 11:59 am
by BobRichards
Sorry but at this time TLS 1.0 is a requirement. If this is an issue, please contact your SoftPro Customer Support and make your opinion known. It won't change our current requirement but it might influence the order in which features are rolled out in the future.

Re: Security Errors when TLS 1.0 is disabled

Posted: Wed Sep 30, 2020 12:57 pm
by joe.mag
Thanks for the feedback and recommendation.