After the environment has been set up to enable only TLS 1.2 and disable the lower TLS versions (all done in the machine registry) as per environmental security requirements, logins to the eFlow Web Station consistently fail (as if the ID/password were incorrect, or the login page is simply shown again), although login was working fine before the change.
- eFlow Web Stations include WebValidate, WebScan and WebFrontOffice.
A setting is missing that enables the eFlow Web Stations to function in a TLS 1.2-only environment.
- If your eFlow Web Server is separate from the eFlow App Server, all of them are expected to have the TLS 1.2-only setup configured correctly.
- This scenario assumes that UserIds.xml and DomainSecurity.xml are correctly configured for Web Login using the default Form Authentication.
- With Windows Authentication the login page is skipped, but DomainSecurity.xml must still be configured correctly.
Method 1: Add an additional entry to the machine registry on the servers where the eFlow Web Hosts are located.
On the server hosting WebValidate/WebScan/WebFrontOffice, add the following to the registry.
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319] "SystemDefaultTlsVersions"=dword:00000001
- After the change, reboot the server, clear the browser cache and try again.
Method 2: Edit the TISconfiguration file for each respective eFlow Web Host.
If you have WebValidate, WebScan and WebFrontOffice, you have to edit the TISconfiguration file of each Web Host.
Below is the alternative approach (without the registry entry):
- Update the TISconfiguration file of each Web Host (WebValidate/WebScan/WebFrontOffice, etc.) to set <DisableTLS10> to true
- e.g. C:\inetpub\wwwroot\WebValidate\bin\ConfigSources\TISconfiguration.config
- Change <DisableTLS10>false</DisableTLS10> to <DisableTLS10>true</DisableTLS10>
- Save the TISconfiguration file, restart the Web Host or reset IIS, clear the browser cache, then try to access the station and log in.
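A read-only PowerShell check covering both methods, added here as an example (it is not part of the original article or of the vendor's tooling). It assumes WebScan and WebFrontOffice use the same folder layout as the WebValidate path shown above; the WOW6432Node key is an addition not mentioned in the article and only matters when an application pool runs in 32-bit mode.

```powershell
# Read-only audit: reports which of the two fixes is in place on this server.
# Assumption: WebScan and WebFrontOffice follow the same folder layout as the
# WebValidate path given in the article; adjust $webRoot / $hosts to your install.
$webRoot = 'C:\inetpub\wwwroot'
$hosts   = 'WebValidate', 'WebScan', 'WebFrontOffice'

# Method 1: SystemDefaultTlsVersions under the .NET Framework 4.x key.
# The WOW6432Node key is not in the article; it is the 32-bit view of the same
# setting and only matters if an application pool runs in 32-bit mode.
$regKeys = @(
    'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319'
)
$registry = foreach ($key in $regKeys) {
    $value = (Get-ItemProperty -Path $key -Name SystemDefaultTlsVersions -ErrorAction SilentlyContinue).SystemDefaultTlsVersions
    [pscustomobject]@{
        Check  = 'Method 1 (registry)'
        Target = $key
        Value  = if ($null -eq $value) { '<not set>' } else { $value }
        Ok     = ($value -eq 1)
    }
}

# Method 2: <DisableTLS10> in each Web Host's TISconfiguration.config.
$config = foreach ($name in $hosts) {
    $path = Join-Path $webRoot "$name\bin\ConfigSources\TISconfiguration.config"
    if (-not (Test-Path -LiteralPath $path)) {
        [pscustomobject]@{ Check = 'Method 2 (config)'; Target = $path; Value = '<file not found>'; Ok = $false }
        continue
    }
    # local-name() keeps the lookup working if the file declares an XML namespace.
    $nodes = ([xml](Get-Content -LiteralPath $path -Raw)).SelectNodes("//*[local-name()='DisableTLS10']")
    $text  = if ($nodes.Count -gt 0) { $nodes[0].InnerText.Trim() } else { '<element missing>' }
    [pscustomobject]@{ Check = 'Method 2 (config)'; Target = $path; Value = $text; Ok = ($text -eq 'true') }
}

@($registry) + @($config) | Format-Table -AutoSize -Wrap
```

Run it in an elevated PowerShell session on each server hosting a Web Host; a Web Host is covered when either the Method 1 row or its own Method 2 row shows Ok as True.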