Articles in this section

See more

Requirements for forcing TLS 1.2 on the Connector and Roaming Client

Avatar
Poh Chong
  • Updated
Follow

 

Overview

 

Cisco Umbrella is updating the connector and roaming client to support TLS 1.2 natively before TLS 1.0 and 1.1 are disabled on the Umbrella cloud. Clients with lower versions will need to make manual adjustments after September 2020 to continue using the Umbrella clients without updating.

Windows Roaming Client or AnyConnect Module
-------
Endpoint Agent Version:
Cisco Umbrella roaming client: Version 2.2.356+ (link)
or
Cisco AnyConnect with Umbrella roaming module: Version 4.8.02042+ (link)
or
Using older client version, configure TLS 1.2 use with changes to the Windows Registry:

Microsoft .NET Framework Version:
.NET 4.6.2+ or patched .NET 3.5.1 (link)
(Note: AnyConnect requires .NET)

Windows Version: 7, 8, 8.1, 10

MacOS Roaming Client or AnyConnect Module
-------
Endpoint Agent Version
Umbrella Roaming Client, Minimum Endpoint Version: Any
or
Cisco AnyConnect roaming module minimum version: Any

macOS Version: 10.9+

 

For those that do not meet these requirements, please continue reading.

 

Technical Detail

 

Prior to disabling TLS 1.0 and SSL protocols on the Windows endpoint, you will need to verify if any older .NET versions are installed, and apply the registry keys as per the Microsoft article above.

Below is a step-by-step guide:

1. Verify what .NET Framework version is installed on the Windows machine

2. If only .NET version 4.6.2 (and above) is installed, the latest .NET Framework requires you to toggle with stronger cipher using these registry keys:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]
"SchUseStrongCrypto"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319]
"SchUseStrongCrypto"=dword:00000001

3. If both .NET version 4 and 3.5 are installed, on top of the registry keys for .NET version 4,  .NET 3.5 would also require you to:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v2.0.50727]
"SystemDefaultTlsVersions"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v2.0.50727]
"SystemDefaultTlsVersions"=dword:00000001

 

 

Related articles

Comments

0 comments

Article is closed for comments.