TLS 1.0 and 1.1 were introduced as security protocols to provide authentication, privacy, and data integrity between two communicating computer applications. As with all protocols, newer versions of TLS have been developed to improve security and performance. Although Egnyte servers have been configured to support more modern versions of TLS protocols, such as TLS 1.2, we have continued supporting TLS 1.0 and 1.1 for a small percentage of customers.

To ensure we are using the highest security standards and safeguarding, we are retiring TLS 1.0 and 1.1 on February 28th, 2020. This means Egnyte servers and services will reject all incoming communications using these older versions of TLS. If you are still using TLS 1.0 or 1.1, you'll need to take action soon and upgrade to TLS 1.2. To ensure a smooth transition, please follow the steps below.

For Windows 7, we recommend you complete the following steps:

  1. Disable TLS 1.0 and 1.1 
  2. Enable TLS 1.2

Egnyte will end support for Windows 7, 8, and 8.1 after January 14th, 2020.

 

Disable TLS 1.0 and 1.1

Disable TLS 1.0 and 1.1 from the registry using the registry editor.

  1. Go to this registry location:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\

  2. If a TLS 1.0 key is present, go inside the folder (see next step). If not, you will have to create a new Key and name it 'TLS 1.0'
  3. If the TLS 1.0 key exists, you should also have a key called 'Client' underneath. If not, you will have to create it as you did in the previous step.

    Screen_Shot_2019-10-16_at_4.50.50_PM.png

  4. Go into the 'Client' key and create the following entry:
    Entry type: DWORD (32 bit)
    Name: Enabled
    Value:

  5. Repeat the above steps for disabling TLS 1.1


2. Enable TLS 1.2

Enable version 1.2 of TLS from the registry using the registry editor.

  1. Go to this registry location:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\

  2. To enable 1.2, you'll need to create new keys called TLS 1.2 underneath the 'Protocols' key.

    mceclip0.png

  3. Once the key structure is created, you can proceed to create the following entry under TLS 1.2/Client:
    Entry type: DWORD (32 bit)
    Name: DisabledByDefault
    Value: 0

 For Windows 8, 8.1, and 10, we recommend you complete the following steps:

  1. Disable TLS 1.0 and 1.1

Egnyte will end support for Windows 7, 8, and 8.1 after January 14th, 2020.

 

Disable TLS 1.0 and 1.1

Disable TLS 1.0 and TLS 1.1 from the registry using the registry editor.

  1. Go to this registry location:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\
  2. If a TLS 1.0 key is present, go inside the folder (see next step). If not, you will have to create a new Key and name it 'TLS 1.0'
  3. If the TLS 1.0 key exists, you should also have a key called 'Client' underneath. If not, you will have to create it as you did in the previous step.

    Screen_Shot_2019-10-16_at_4.50.50_PM.png

  4. Go into the 'Client' key and create this following entry
    Entry type: DWORD (32 bit)
    Name: Enabled
    Value: 

  5. Repeat the above steps for disabling TLS 1.1

Registry Script (.REG)

All of the steps above can be automated and deployed via registry scripts. Here are some examples:

.REG to disable TLS 1.0 and 1.1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client]
"Enabled"=dword:00000000

.REG to enable TLS 1.2

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client] "DisabledByDefault"=dword:00000000

Note on Windows Server

The Desktop App is not officially supported on Windows Server, so the instructions above are for the normal version of Windows. Depending on the configuration, Windows Server users may need to create extra keys called 'Server' under Protocol/TLS 1.0, Protocol/TLS 1.1, Protocol/TLS 1.2 with the same Enabled and DisabledByDefault entries under each 'Client.' For more information, please check out this blog post from Microsoft.