In January 1999, TLS 1.0 was introduced as a security protocol to provide "authentication, privacy, and data integrity between two communicating computer applications." Fast forward to today: Newer versions of TLS have been developed to address vulnerabilities while improving security and performance. Although Egnyte servers have been configured to accept more modern versions of TLS protocols, like TLS 1.1 and TLS 1.2, we've continued supporting a small percentage of customers who are on TLS 1.0, so they can connect to and use Egnyte services.

To ensure we are using the highest security standards and safeguarding against known vulnerabilities, we are announcing end-of-life (EOL) for TLS 1.0. This means Egnyte servers and services will reject all incoming communications using TLS 1.0. We understand this might affect a small percentage of customers, but it's time to move away from this 20-year-old technology. Please follow the steps below to ensure a smooth transition.

How to configure Windows to prepare for the TLS 1.0 EOL

For Windows 7, we recommend you complete the following steps:

  1. Disable TLS 1.0
  2. Enable TLS 1.1 and TLS 1.2

1. Disable TLS 1.0

Disable TLS 1.0 from the registry, using the registry editor.

  1. Go to this registry location:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\
  2. If a 'TLS 1.0' key is present, open it. If not, create a new key and name it 'TLS 1.0'.
  3. If the 'TLS 1.0' key already existed, it should also have a key called 'Client' underneath. If not, create it as you did in the previous step.

  4. Go into the 'Client' key and create the following entry:
    Entry type: DWORD (32 bit)
    Name: Enabled
    Value: 0 


2. Enable TLS 1.1 and TLS 1.2

Enable version 1.1 and 1.2 of TLS from the registry, using the registry editor.

  1. Go to this registry location:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\
  2. To enable TLS 1.1 and 1.2, you'll need to create new keys called 'TLS 1.1' and 'TLS 1.2' underneath the 'Protocols' key.
  3. Once the key structure is created (a 'Client' key under each of 'TLS 1.1' and 'TLS 1.2'), create the following entry under TLS 1.1\Client and TLS 1.2\Client:
    Entry type: DWORD (32 bit)
    Name: DisabledByDefault
    Value: 0

For Windows 10, we recommend you complete the following steps:

  1. Disable TLS 1.0

1. Disable TLS 1.0

Disable TLS 1.0 from the registry, using the registry editor.

  1. Go to this registry location:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\
  2. If a 'TLS 1.0' key is present, open it. If not, create a new key and name it 'TLS 1.0'.
  3. If the 'TLS 1.0' key already existed, it should also have a key called 'Client' underneath. If not, create it as you did in the previous step.
  4. Go into the 'Client' key and create the following entry:
    Entry type: DWORD (32 bit)
    Name: Enabled
    Value: 0  

Registry Script (.REG)

All of the steps above can be automated and deployed via registry scripts. Here are some examples:

.REG to disable TLS 1.0

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client]
"Enabled"=dword:00000000

.REG to enable TLS 1.1 and 1.2

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client]
"DisabledByDefault"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client]
"DisabledByDefault"=dword:00000000
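
Verifying the result

After the registry changes are deployed, it is worth confirming on each machine that the entries actually exist with the expected values. The following PowerShell script is an added example, not an Egnyte tool or part of the original article: it only reads the registry and reports, for each 'Client' key described above, whether the entry is present and set as the steps require. The function name Test-SchannelClientSetting and the -TlsOneZeroOnly switch are hypothetical names chosen for this example.

```powershell
# Added example (not Egnyte's script). Read-only audit of the SCHANNEL client
# entries from the steps above. Save as a .ps1 file; -TlsOneZeroOnly is a
# hypothetical switch for Windows 10, where only the TLS 1.0 step applies.
param([switch]$TlsOneZeroOnly)

$base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'

# Protocol key, DWORD name and expected data, exactly as listed in the article.
$expected = @(
    @{ Protocol = 'TLS 1.0'; Name = 'Enabled';           Value = 0 },
    @{ Protocol = 'TLS 1.1'; Name = 'DisabledByDefault'; Value = 0 },
    @{ Protocol = 'TLS 1.2'; Name = 'DisabledByDefault'; Value = 0 }
)
if ($TlsOneZeroOnly) { $expected = @($expected[0]) }

function Test-SchannelClientSetting {
    param([string]$Protocol, [string]$Name, [int]$Value)

    $path   = Join-Path $base "$Protocol\Client"
    $actual = $null
    $state  = 'KeyMissing'                 # the 'Client' key was never created
    if (Test-Path -LiteralPath $path) {
        $item = Get-ItemProperty -LiteralPath $path -Name $Name -ErrorAction SilentlyContinue
        if ($null -eq $item) {
            $state = 'ValueMissing'        # key exists, DWORD entry does not
        } else {
            $actual = $item.$Name
            if ($actual -eq $Value) { $state = 'OK' } else { $state = 'Mismatch' }
        }
    }
    New-Object PSObject -Property @{
        Protocol = $Protocol; Entry = $Name; Expected = $Value
        Actual = $actual; State = $state
    }
}

$results = @(foreach ($e in $expected) { Test-SchannelClientSetting @e })
$results | Select-Object Protocol, Entry, Expected, Actual, State | Format-Table -AutoSize

# A non-zero exit code lets a deployment tool flag machines that still need the change.
$failed = @($results | Where-Object { $_.State -ne 'OK' })
if ($failed.Count -gt 0) { exit 1 }
```

A state of KeyMissing or ValueMissing means the machine is still running on the operating system's default for that protocol rather than on the setting from this article.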

Note on Windows Server

The Desktop App is not officially supported on Windows Server, so the instructions above are for the normal version of Windows. Depending on the configuration, Windows Server users might need to create extra keys called 'Server' under Protocols\TLS 1.0, Protocols\TLS 1.1 and Protocols\TLS 1.2, with the same Enabled and DisabledByDefault entries as under each 'Client' key. For more information, please check out this blog post from Microsoft.