Security Errors when TLS 1.0 is disabled
Posted: Tue Sep 22, 2020 9:17 am
For security reasons we've been instructed by our infosec group to turn off TLS 1.0 on our SoftPro server. When I do so (i.e. set registry key HKLM\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server DWORD w/ name Enabled and value of 0x0), I start getting security errors when users try to log into Select. Select acts like it's going to log in (e.g. for a user account w/ no default profile, I'll see the profile selection prompt) but then you get a security error. The Select logs (i.e. run client w/ logging) show an error "token provider cannot get tokens." The Windows System event log shows the error "A fatal error occurred while creating an SSL server credential. The internal error is 10013." for source of Schannel event ID 36871.
Re-enabling TLS 1.0 fixes the problem. No reboot needed, it just starts working.
Is TLS 1.0 a requirement or can Select Server be reconfigured to work w/ TLS 1.2?
Re-enabling TLS 1.0 fixes the problem. No reboot needed, it just starts working.
Is TLS 1.0 a requirement or can Select Server be reconfigured to work w/ TLS 1.2?