Enabling Transport Layer Security (TLS)

Last updated: 2024-12-11

The Transport Layer Security (TLS) 1.0 and 1.1 protocols have several major vulnerabilities, so they are disabled on Streamvault™ appliances. When a device enrolled in Security Center requires one of these protocols for communication, you must enable the protocol on your appliance.

What you should know

  • TLS 1.1 is disabled in Streamvault software image 16.3 and later.
  • TLS 1.0 is disabled in Streamvault software image 16.0 and later.
  • Enable only the version of TLS that your device requires.
  • Enable TLS on the server (incoming) and client (outgoing) nodes.
  • For security reasons, the Internet Properties options are disabled on appliances. If your appliance has the Streamvault service, you can enable TLS from the Local Group Policy Editor. If your appliance doesn't have the Streamvault service, you can only enable TLS from the Windows Registry Editor.

Procedure

To enable TLS on an appliance with the Streamvault service:
  1. Open Command Prompt as an administrator and run gpedit.msc.
    The Local Group Policy Editor opens.
  2. Go to Computer Configuration > Administrative Templates > Streamvault > Genetec > Additional Templates.
  3. Enable TLS 1.n on the client, where n represents the minor version number:
    1. Right-click on \SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.n\Client\Enabled and click Edit.
    2. Set Enabled to 1 and click Apply > OK.
    3. Right-click on \SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.n\Client\DisabledByDefault and click Edit.
    4. Set DisabledByDefault to 0 and click Apply > OK.
  4. Enable TLS 1.n on the server:
    1. Right-click on \SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.n\Server\Enabled and click Edit.
    2. Set Enabled to 1 and click Apply > OK.
    3. Right-click on \SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.n\Server\DisabledByDefault and click Edit.
    4. Set DisabledByDefault to 0 and click Apply > OK.
    Local Group Policy Editor showing the TLS 1.0 client [Enabled] value set to 1.
  5. Restart Windows.
To enable TLS on an appliance without the Streamvault service:
  1. Open Windows Registry Editor.
  2. Enable TLS 1.n, where n represents the minor version number:
    1. Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.n.
    2. Select the Server node, set DisabledByDefault to 0, and set Enabled to 1.
    3. Select the Client node, set DisabledByDefault to 0, and set Enabled to 1.
  3. Restart Windows.
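
The following PowerShell is an added example, not part of the original Genetec procedure. It reads the SCHANNEL values named in the steps above, reports whether TLS 1.0 and TLS 1.1 are enabled on the Client and Server nodes, and warns when a version is enabled on only one node or when both legacy versions are on. The function names Get-LegacyTlsState and Enable-LegacyTls are hypothetical, and Enable-LegacyTls is assumed to be used only on an appliance without the Streamvault service, where the registry is edited directly.

```powershell
# Added example (not Genetec code). Run in an elevated PowerShell session.
$Base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'

# Hypothetical helper: report the state of both legacy protocols on both nodes.
function Get-LegacyTlsState {
    foreach ($version in 'TLS 1.0', 'TLS 1.1') {
        foreach ($node in 'Client', 'Server') {
            $path  = Join-Path $Base "$version\$node"
            $props = Get-ItemProperty -Path $path -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Protocol          = $version
                Node              = $node
                Enabled           = $props.Enabled             # empty = value not set
                DisabledByDefault = $props.DisabledByDefault   # empty = value not set
                # True only when both values match the procedure (Enabled=1, DisabledByDefault=0)
                MatchesProcedure  = ($props.Enabled -eq 1 -and $props.DisabledByDefault -eq 0)
            }
        }
    }
}

# Hypothetical helper: apply the registry steps for one version on both nodes.
function Enable-LegacyTls {
    param([Parameter(Mandatory)][ValidateSet('TLS 1.0', 'TLS 1.1')][string]$Version)
    foreach ($node in 'Client', 'Server') {
        $path = Join-Path $Base "$Version\$node"
        # Create the key only if it is missing, so existing values are not wiped.
        if (-not (Test-Path $path)) { New-Item -Path $path -Force | Out-Null }
        New-ItemProperty -Path $path -Name Enabled -Value 1 -PropertyType DWord -Force | Out-Null
        New-ItemProperty -Path $path -Name DisabledByDefault -Value 0 -PropertyType DWord -Force | Out-Null
    }
}

# Enable-LegacyTls -Version 'TLS 1.1'   # uncomment for the one version the device requires, then restart Windows

$state = Get-LegacyTlsState
$state | Format-Table -AutoSize

# A version enabled on only one node does not satisfy "server (incoming) and client (outgoing)".
$state | Group-Object Protocol | ForEach-Object {
    $count = @($_.Group | Where-Object MatchesProcedure).Count
    if ($count -eq 1) { Write-Warning "$($_.Name) is enabled on only one of the Client and Server nodes." }
}

# Both legacy versions enabled contradicts "enable only the version your device requires".
$on = @($state | Where-Object MatchesProcedure | Select-Object -ExpandProperty Protocol -Unique)
if ($on.Count -gt 1) { Write-Warning 'Both TLS 1.0 and TLS 1.1 are enabled; keep only the version the device requires.' }
```

Run the audit again after the restart to confirm the values persisted, and record which enrolled device required the protocol so the setting can be reverted when that device is replaced or updated.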