Kofax

How to enable TLS 1.1 and 1.2 when connecting a DAS with MC

3024588

Question / Problem: 

How can the DAS be enabled to use TLS 1.1 or TLS 1.2 with a Management Console that requires one of these versions?

Answer / Solution: 

Known security vulnerabilities in older versions of SSL/TLS may require the use of TLS 1.1 or TLS 1.2 on the MC.

However, the DAS may not support these newer protocols in its standard configuration, in which case the DAS-MC ping fails.

 

To enable TLS 1.1 and TLS 1.2 on the DAS:

  1. Make sure that the .NET version on the DAS machine supports the required version of TLS. See this Microsoft article for details.
  2. Add the certificate from the Management Console to the Windows certificate store on the DAS machine.
  3. Enable the TLS protocol so that the DAS uses it. There are two possible options to do this:

Option 1. Add the following lines to DesktopAutomationServiceControl.exe.config in the installed system, inside the <configuration> element:

<runtime>
   <AppContextSwitchOverrides value="Switch.System.ServiceModel.DisableUsingServicePointManagerSecurityProtocols=false;Switch.System.Net.DontEnableSchUseStrongCrypto=false" />
</runtime>

 

Option 2. Alternatively, modify the registry.

Run the following commands on the DAS machine:

reg add HKLM\SOFTWARE\Microsoft\.NETFramework\v4.0.30319 /v SchUseStrongCrypto /t REG_DWORD /d 1 /reg:64

reg add HKLM\SOFTWARE\Microsoft\.NETFramework\v4.0.30319 /v SchUseStrongCrypto /t REG_DWORD /d 1 /reg:32
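
To confirm which of the two options is actually in place on a DAS machine, the following read-only PowerShell check can be used. It is an added example, not part of the original Kofax article or product; the default $ConfigPath is a placeholder that must be pointed at the installed config file, and the function names are hypothetical.

```powershell
# Added example: read-only audit of Option 1 and Option 2 on the DAS machine.
param(
    # Assumption: placeholder path; point it at the installed DAS config file.
    [string]$ConfigPath = 'C:\PATH\TO\DesktopAutomationServiceControl.exe.config'
)
$netKey   = 'SOFTWARE\Microsoft\.NETFramework\v4.0.30319'
$required = 'Switch.System.ServiceModel.DisableUsingServicePointManagerSecurityProtocols',
            'Switch.System.Net.DontEnableSchUseStrongCrypto'

function Get-StrongCrypto([Microsoft.Win32.RegistryView]$View) {
    # Open the 64- or 32-bit view explicitly, matching /reg:64 and /reg:32.
    $hive = [Microsoft.Win32.RegistryHive]::LocalMachine
    $base = [Microsoft.Win32.RegistryKey]::OpenBaseKey($hive, $View)
    try {
        $key = $base.OpenSubKey($netKey)
        if ($null -eq $key) { return $null }
        try { return $key.GetValue('SchUseStrongCrypto') } finally { $key.Dispose() }
    } finally { $base.Dispose() }
}

function Get-ConfigSwitches([string]$Path) {
    # Parse AppContextSwitchOverrides into name -> value; $null if the file is missing.
    if (-not (Test-Path -LiteralPath $Path)) { return $null }
    $doc  = [xml](Get-Content -LiteralPath $Path -Raw)
    $node = $doc.SelectSingleNode('/configuration/runtime/AppContextSwitchOverrides')
    $map  = @{}
    if ($null -ne $node) {
        foreach ($pair in ($node.GetAttribute('value') -split ';')) {
            $name, $value = $pair -split '=', 2
            if ($name) { $map[$name.Trim()] = "$value".Trim() }
        }
    }
    return $map
}

$reg64 = Get-StrongCrypto Registry64
$reg32 = Get-StrongCrypto Registry32
$map   = Get-ConfigSwitches $ConfigPath

# Option 1 needs both switches set to false; Option 2 needs the value 1 in both views.
$option1 = ($null -ne $map) -and (@($required | Where-Object { $map[$_] -ne 'false' }).Count -eq 0)
$option2 = ($reg64 -eq 1) -and ($reg32 -eq 1)

[pscustomobject]@{
    ConfigFileFound      = $null -ne $map
    Option1_ConfigSwitch = $option1
    Option2_Reg64        = $reg64
    Option2_Reg32        = $reg32
    Option2_Registry     = $option2
    EitherOptionInPlace  = $option1 -or $option2
}
```

An empty Option2_Reg64 or Option2_Reg32 field means the SchUseStrongCrypto value is not set in that registry view.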

 

Applies to:  

Product Version
Kofax RPA 10.7>