Kofax

How to enable newer versions of Transport Layer Security - TLS - protocols

Article # 3035063

Issue

I want to enable only Transport Layer Security (TLS) protocol versions 1.1 and 1.2 for use with Kofax TotalAgility 7.x. Due to known security vulnerabilities in older versions of the Secure Sockets Layer (SSL) and TLS protocols, the newer TLS protocol versions 1.1 and/or 1.2 should be used to secure KTA 7.x HTTPS communications.

Current versions of KTA are built on .NET 4.6 or above, which uses the operating system's TLS version. KTA does not hardcode TLS versions.

Solution

Use a tool such as IISCrypto to enable or disable protocols, ciphers, hashes and key exchange algorithms on Windows Server 2008, 2012, 2016 and 2019, or update the registry as described below.

To enable TLS 1.1 and 1.2 on each KFS server:

  1. Execute regedit.exe
  2. Navigate to HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols
  3. Create a new Key named TLS 1.2 if one does not already exist.
  4. In the TLS 1.2 Key, create a subkey named Server.
  5. In the Server Key, create a DWORD (32-bit) Value named DisabledByDefault.
  6. Set the DisabledByDefault value to 0.
  7. In the Server Key, create a DWORD (32-bit) Value named Enabled.
  8. Set the Enabled value to 1.
  9. In the TLS 1.2 Key, create a subkey named Client.
  10. In the Client Key, create a DWORD (32-bit) Value named DisabledByDefault.
  11. Set the DisabledByDefault value to 0.
  12. In the Client Key, create a DWORD (32-bit) Value named Enabled.
  13. Set the Enabled value to 1.
  14. Navigate back to the Protocols Key.
  15. Create a new Key named TLS 1.1 if one does not already exist.
  16. In the TLS 1.1 Key, create a subkey named Server.
  17. In the Server Key, create a DWORD (32-bit) Value named DisabledByDefault.
  18. Set the DisabledByDefault value to 0.
  19. In the Server Key, create a DWORD (32-bit) Value named Enabled.
  20. Set the Enabled value to 1.
  21. In the TLS 1.1 Key, create a subkey named Client.
  22. In the Client Key, create a DWORD (32-bit) Value named DisabledByDefault.
  23. Set the DisabledByDefault value to 0.
  24. In the Client Key, create a DWORD (32-bit) Value named Enabled.
  25. Set the Enabled value to 1.
  26. Reboot the server.
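
The same registry changes can be scripted. The following PowerShell is an added example, not Kofax-supplied code: it performs steps 1 to 25 for both protocol versions and reads each value back before you reboot. The function and variable names are hypothetical, and it assumes an elevated PowerShell session on the server.

```powershell
# Added example: scripted equivalent of the manual regedit steps, with a read-back check.
# Function and variable names are illustrative only. Run elevated on each server.
$protocolsKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
$versions     = 'TLS 1.1', 'TLS 1.2'
$roles        = 'Server', 'Client'
# Values from the steps above: DisabledByDefault = 0, Enabled = 1
$wanted       = [ordered]@{ DisabledByDefault = 0; Enabled = 1 }

function Set-SchannelProtocol {
    param([string]$Version, [string]$Role)
    $path = Join-Path (Join-Path $protocolsKey $Version) $Role
    # Create the key only if it is missing, so existing values are left in place.
    if (-not (Test-Path -Path $path)) {
        New-Item -Path $path -Force | Out-Null
    }
    foreach ($name in $wanted.Keys) {
        New-ItemProperty -Path $path -Name $name -Value $wanted[$name] `
            -PropertyType DWord -Force | Out-Null
    }
}

function Test-SchannelProtocol {
    param([string]$Version, [string]$Role)
    $path  = Join-Path (Join-Path $protocolsKey $Version) $Role
    $props = Get-ItemProperty -Path $path -ErrorAction SilentlyContinue
    foreach ($name in $wanted.Keys) {
        # A missing key or missing value counts as not configured.
        if ($null -eq $props -or $props.$name -ne $wanted[$name]) { return $false }
    }
    return $true
}

$results = foreach ($v in $versions) {
    foreach ($r in $roles) {
        Set-SchannelProtocol -Version $v -Role $r
        [pscustomobject]@{
            Protocol   = $v
            Role       = $r
            Configured = (Test-SchannelProtocol -Version $v -Role $r)
        }
    }
}

$results | Format-Table -AutoSize
if ($results.Configured -contains $false) {
    Write-Error 'One or more SCHANNEL values were not written; check that the session is elevated.'
} else {
    Write-Host 'Values written. Reboot the server for the change to take effect (step 26).'
}
```

Like the manual steps, this only enables TLS 1.1 and 1.2; it does not disable older protocol versions and it does not reboot the server.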

Level of Complexity 

Moderate

 

Applies to  

Product | Version | Build | Environment | Hardware
KTA 7 | All | n/a | Windows | n/a
