Enabling TLS 1.2 Support and Blocking Weak Ciphers on CxManager
Notice
TLS 1.1 is being phased out for all major browsers such as Chrome, Firefox, Safari, and Edge.
TLS (Transport Layer Security) and its now-deprecated predecessor, SSL (Secure Sockets Layer) are cryptographic protocols designed to provide communications security over a computer network. Websites can use TLS to secure all communications between their servers and web browsers. The TLS protocol aims primarily to provide privacy and data integrity between two or more communicating computer applications.
Sensitive data such as user credentials and credit card information must be protected when it is transmitted over the network and the ciphers in use during secure communications via SSL and TLS 1.1 are too weak. As a rule of thumb, if data must be protected when it is stored, it must be protected also during transmission. Even if high-grade ciphers are supported and used today, some misconfiguration in the server may force users of a weak cipher or no encryption at all to grant access to the supposedly secure communication channel.
Enabling TLS 1.2 Support
Support for TLS 1.2 can be enabled via the Windows registry on the CxManager host. TLS 1.2 can be enabled manually or automatically from the CxManager host as explained below.
Notice
TLS 1.2 requires SQL Server 11.0.5388.0 or higher. Older SQL server versions do not support TLS 1.2.
It is strongly recommended to disable weak ciphers. The relevant ciphers are listed at the end of this document.
Enabling TLS 1.2 Automatically
1. Download the attached registry file (TLS1.2.reg) to the CxManager desktop.
2. Right-click and select Merge.
3. Restart the server.
Enabling TLS 1.2 Manually
1. Start the Registry editor. To do so, enter regedit in the Windows search field. The Registry Editor appears.
2. Restart the server.
Disabling Weak Ciphers
Contact your administrators or IT personnel to disable the relevant ciphers.