Security Errors when TLS 1.0 is disabled

Discussions related to installation and setup of SoftPro products.
Post Reply
joe.mag
Posts: 122
Joined: Thu Aug 04, 2011 3:11 pm

Security Errors when TLS 1.0 is disabled

Post by joe.mag »

For security reasons we've been instructed by our infosec group to turn off TLS 1.0 on our SoftPro server. When I do so (i.e. set registry key HKLM\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server DWORD w/ name Enabled and value of 0x0), I start getting security errors when users try to log into Select. Select acts like it's going to log in (e.g. for a user account w/ no default profile, I'll see the profile selection prompt) but then you get a security error. The Select logs (i.e. run client w/ logging) show an error "token provider cannot get tokens." The Windows System event log shows the error "A fatal error occurred while creating an SSL server credential. The internal error is 10013." for source of Schannel event ID 36871.

Re-enabling TLS 1.0 fixes the problem. No reboot needed, it just starts working.

Is TLS 1.0 a requirement or can Select Server be reconfigured to work w/ TLS 1.2?
joe.mag
Posts: 122
Joined: Thu Aug 04, 2011 3:11 pm

Re: Security Errors when TLS 1.0 is disabled

Post by joe.mag »

My bad, forgot to include our version of Select: 4.2.41028.10

We can't upgrade due to issues w/ 4.3
BobRichards
Posts: 1376
Joined: Wed Jan 15, 2014 3:50 pm
Location: Raleigh, NC
Contact:

Re: Security Errors when TLS 1.0 is disabled

Post by BobRichards »

Sorry but at this time TLS 1.0 is a requirement. If this is an issue, please contact your SoftPro Customer Support and make your opinion known. It won't change our current requirement but it might influence the order in which features are rolled out in the future.
Bob Richards, Senior Software Developer, SoftPro
joe.mag
Posts: 122
Joined: Thu Aug 04, 2011 3:11 pm

Re: Security Errors when TLS 1.0 is disabled

Post by joe.mag »

Thanks for the feedback and recommendation.
Post Reply