This article applies to:
- MailMarshal SPE 4.X - Systems with TLS 1.0 disabled
- Marshal Reporting Console - email TLS
Question:
- How do I enable use of TLS 1.1 and 1.2 by .NET components in SPE 4.X?
- How do I fix TLS related errors connecting from SPE to the SEG Array Manager?
- How do I update the TLS version used for email connectivity in MRC?
Procedure:
To allow use of "Strong" TLS (1.1 and 1.2) by .NET, you must enable system settings and .NET specific settings on affected systems.
- For SPE this is the Marshal Interface Agent server.
- For MRC this is the server where the software is installed.
This article covers .NET specific settings.
Update the following Registry entries (see also the attached Powershell script):
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v2.0.50727]
"SystemDefaultTlsVersions" = dword:00000001
"SchUseStrongCrypto" = dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]
"SystemDefaultTlsVersions" = dword:00000001
"SchUseStrongCrypto" = dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v2.0.50727]
"SystemDefaultTlsVersions" = dword:00000001
"SchUseStrongCrypto" = dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319]
"SystemDefaultTlsVersions" = dword:00000001
"SchUseStrongCrypto" = dword:00000001
Notes:
- SPE 5.X and above uses newer versions of .NET and does not require these settings.
- The SchUseStrongCrypto setting allows .NET to use TLS 1.1 and TLS 1.2.
- The SystemDefaultTlsVersions setting allows .NET to use the OS configuration.
- For further information see Microsoft documentation.
- These settings apply immediately. System or service restart is not required.