View Single Post
Old 2021-07-10, 16:47   #1
Serpentine Vermin Jar
Madpoo's Avatar
Jul 2014

1101000011002 Posts
Default Possible fix, with just some registry keys added?

I was reading more about this issue with Framework 4.0 apps and TLS 1.2 support.

If the machine has Framework 4.5+ installed, then it sounds like you can tell it to use TLS 1.2 by default with the addition/modification of a couple of registry keys. This avoids having to recompile an old app, since you're just telling your framework to use a stronger crypto by default.

If someone wants to try this out - just make sure your system does already have 4.5 installed. Windows 10 does, by default, so that should be fine. For older systems (Win7/8/8.1) just be sure to check.

From an admin command prompt (or add the keys to the registry yourself if you're so inclined):
reg add HKLM\SOFTWARE\Microsoft\.NETFramework\v4.0.30319 /v SchUseStrongCrypto /t REG_DWORD /d 1 /f
reg add HKLM\SOFTWARE\Microsoft\.NETFramework\v4.0.30319 /v SystemDefaultTlsVersions /t REG_DWORD /d 1 /f
Those commands add the reg entries that will tell .NET Framework 4.x targeted apps to use stronger crypto by default. I saw conflicting info about whether you actually need Framework 4.6+ installed, or if 4.5 is good enough.

If getting 4.6+ installed and adding some reg keys does the trick, I'd be on board with just recommending that for any misfit users, over the downside of re-enabling the older protocol versions.
Madpoo is offline   Reply With Quote