This article applies to:

• MailMarshal SPE 4.X - Systems with TLS 1.0 disabled
• Marshal Reporting Console - email TLS

Question:

• How do I enable use of TLS 1.1 and 1.2 by .NET components in SPE 4.X?
• How do I fix TLS related errors connecting from SPE to the SEG Array Manager?
• How do I update the TLS version used for email connectivity in MRC?

Procedure:

To allow use of "Strong" TLS (1.1 and 1.2) by .NET, you must enable system settings and .NET specific settings on affected systems.

• For SPE this is the Marshal Interface Agent server.
• For MRC this is the server where the software is installed.

This article covers .NET specific settings.

Update the following Registry entries (see also the attached Powershell script):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v2.0.50727]
      "SystemDefaultTlsVersions" = dword:00000001
      "SchUseStrongCrypto" = dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]
      "SystemDefaultTlsVersions" = dword:00000001
      "SchUseStrongCrypto" = dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v2.0.50727]
      "SystemDefaultTlsVersions" = dword:00000001
      "SchUseStrongCrypto" = dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319]
      "SystemDefaultTlsVersions" = dword:00000001
      "SchUseStrongCrypto" = dword:00000001

Notes:

• SPE 5.X and above uses newer versions of .NET and does not require these settings.
• The SchUseStrongCrypto setting allows .NET to use TLS 1.1 and TLS 1.2. 
• The SystemDefaultTlsVersions setting allows .NET to use the OS configuration.
• For further information see Microsoft documentation.
• These settings apply immediately. System or service restart is not required.