Skip to main content
Kofax

How to enable TLS 1.1 and 1.2 when connecting a DAS with MC

3024588

Question / Problem: 

How to enable the DAS to use TLS1.1 or TLS1.2 for use with a Management Console requiring one of these versions?

Answer / Solution: 

Known security vulnerabilities in older versions of SSL/TLS may require the usage of TLS1.2 or TLS1.2 on the MC.

However, the DAS may not support these newer protocols in the standard configuration, therefore, DAS-MC ping fails.

 

To enable TLS 1.1. and TLS 1.2 on the DAS:

1. Add the below lines:

<runtime>

   <AppContextSwitchOverrides value="Switch.System.ServiceModel.DisableUsingServicePointManagerSecurityProtocols=false;Switch.System.Net.DontEnableSchUseStrongCrypto=false" /> 

</runtime>

to DesktopAutomationServiceControl.exe.config in the installed system.

 

2. Or another workaround is to modify the registry:

Run the following commands in DAS machine:

reg add HKLM\SOFTWARE\Microsoft\.NETFramework\v4.0.30319 /v SchUseStrongCrypto /t REG_DWORD /d 1 /reg:64

reg add HKLM\SOFTWARE\Microsoft\.NETFramework\v4.0.30319 /v SchUseStrongCrypto /t REG_DWORD /d 1 /reg:32

 

Applies to:  

Product Version
Kofax RPA 10.7>