如何启用TLS 1.2 [英] How to enable TLS 1.2

问题描述

根据这个 article 启用TSL1.2我们需要使用其他注册表项将下面的SecureProtocol密钥更新到注册表位置。

As per this article to enable TSL1.2 we need to update "SecureProtocol" key in below to registry locations with other registry keys.

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings

这里的挑战是，我们需要使用安装程序在所有客户机中更新此密钥。我在安装程序安装时尝试将此更新为密钥，但安装程序只能访问本地计算机Internet设置密钥。它无法访问当前用户的Internet设置密钥，因为安装程序正在System上下文中运行。



安装程序设置为在系统上下文中的延迟执行中运行，以便为所有没有管理员权限的客户端安装。我现在无法更改安装程序配置。



我的问题是在本地机器上设置安全协议值是不是足以启用TLS1.2？



是否必须在当前用户的互联网设置下设置安全协议值？



提前感谢。



我尝试了什么：



我在安装程序安装时尝试使用SID设置当前用户注册表但是安装程序未找到当前登录的用户SID。

The challenge here is, we need to update this keys in all the clients machines with an installer. I tried to update this to keys while installer is installing but the installer can only access Local Machine Internet setting key. It could not access Current User internet settings key because installer is running under System context.

The installer is set to run in Deferred Execution under System Context to install for all the clients who does not have admin privileges. I can't change installer configuration now.

My question is Setting "Secure Protocol" value under local machine internet settings is not enough to enable TLS1.2?

Is it mandatory to set "Secure Protocol" value under Current User internet settings as well?

thanks in advance.

What I have tried:

I tried setting current User registry using SID while installer is installing but the installer is not finding currently logged in user SID.

推荐答案

我根据需要在应用程序中设置了安全协议：

I set "Secure Protocol" in the app as required:

   ServicePointManager.ServerCertificateValidationCallback += ValidateCertificate;

   ServicePointManager.SecurityProtocol =
      SecurityProtocolType.Tls |
      SecurityProtocolType.Tls11 |
      SecurityProtocolType.Tls12 |
      SecurityProtocolType.Ssl3;

   try {
      // Related process.

   } finally {
      ServicePointManager.ServerCertificateValidationCallback -= ValidateCertificate;
   }

//
private static bool ValidateCertificate(
   Object sender, X509Certificate cert, X509Chain chain,
   SslPolicyErrors Errors ) {

   return true;
}

这篇关于如何启用TLS 1.2的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！