Skip to main content
Kofax

Enable TLS 1.2 Encryption for Kofax Capture

  1. Last updated
  2. Save as PDF
Article # 3030982 - Page views: 2193

Issue

Does Kofax Capture support Transport Security Layer (TLS) 1.2 and how it is enabled?

 

Cause

Deprecation of old TLS versions

 

Solution

Yes, TLS 1.2 is supported on Kofax Capture 11.0 and upwards. There are no Kofax Capture product changes needed to support TLS 1.2.

!Before proceeding, back up the registry keys to be modified!

(Move to the corresponding keys which are going to receive a change and right mouse click and choose export, assign a name like the key name for example SCHANNEL and a location where you want to save the exported data)

 

To enable TLS 1.2 for Windows operating system, open the registry editor and go to location:

  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols

 

Create the following keys if they do not exist and create the corresponding Dword-32 names and values:

  • [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2]
  • [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client]

"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001

  • [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server]

"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001

 

Reboot the machine so theses changes take affect and become active.

To verify the activated TLS ciphers you can use https://www.nartac.com/Products/IISCrypto tool.

 

KCNS

Some additional Windows configuration changes are required to use KCN Server (IIS) and remote sites successfully in a TLS 1.2 environment. These changes need to be done on the IIS server and also on the remote sites connected to it.

Change the registry keys corresponding to your used OS:


▪ 64-bit systems:

  • [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319]

"SchUseStrongCrypto"=dword:00000001


▪ 32-bit systems:

  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]

"SchUseStrongCrypto"=dword:00000001

 

NOTE: If you are using the standard database for Kofax Capture 11.0 which is SQL Server Express 2014, you will need to install at least Service Pack 1 for SQL Server Express 2014. The link for Service Pack 3 is here:

https://www.microsoft.com/en-us/down....aspx?id=57474

Level of Complexity 

Moderate

 

Applies to  

Product Version Build Environment Hardware
Kofax Capture 11.x - - -

References

Articles: 21913, 308324

 

Article # 3030982
  1. Back to top
  • Was this article helpful?

Recommended articles

  1. Article type
    Topic
  2. Tags
    This page has no tags.