Microsoft deprecates TLS 1.0, 1.1
and SSL 3 protocols after March 2022.
This will lead to e-signature denial service in
ShareKnowledge for AAD users. The SSO with Azure AD should not be affected, but
it's yet to be confirmed.
Following applies only to the ShareKnowledge v. 11.2 and
earlier.
Please execute following steps to address the above-mentioned
changes:
- Enforce
TLS 1.2 usage by adding following two DWORDS to the registry
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft.NETFramework\v4.0.30319]
"SystemDefaultTlsVersions" = dword:00000001
"SchUseStrongCrypto" = dword:00000001
- [HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft.NETFramework\v4.0.30319]
"SystemDefaultTlsVersions" = dword:00000001
"SchUseStrongCrypto" = dword:00000001
For more details refer to Microsoft instruction at the link _https://docs.microsoft.com/en-us/mem/configmgr/core/plan-design/security/enable-tls-1-2-client#bkmk_net_
- Reboot
the server
- Repeat
previous steps on every server in the farm
Optional.
Consider turning off TLS 1.0, 1.1 and SSL 3 in the registry as they become deprecated after March 2022 IISCrypto tool can help streamline the process. See the link https://www.nartac.com/Products/IISCrypto
For manual operation, see instruction here: https://docs.microsoft.com/en-us/windows-server/security/tls/tls-registry-settings#tls-dtls-and-ssl-protocol-version-settings