Before changing the cipher suite or the minimum TLS version, check the compatibility of your end-user devices, since such a change can break compatibility with them.

See the page below for a list of unsupported devices:

https://docs.microsoft.com/en-us/skypeforbusiness/manage/topology/disable-tls-1.0-1.1


Below are general instructions on how to enforce TLS 1.2 for server communications in your environment:

General

You may use the following program in order to enable/disable TLS 1.0/1.1/1.2

Bastion

  1. Install or upgrade SQL Native Client to version 11.0.7001.0 or higher (Download Native Client)
  2. Open odbcad32 and create a SQL Native Client connection
  3. In the LAC xml\EWS protector xml file, set the connection string provider to Provider=SQL Server Native Client 11.0; for example:
    <db connStr="Provider=SQL Server Native Client 11.0; Data Source=sqlserver\instance,1433; Initial Catalog=AccessPortal; User ID=AccessPortalUser; Password=1234;" />
  4. In Bastion.xml (located by default in C:\Agat\Bastion), change <minAllowedVersion> to tlsv1.2
  5. Disable TLS 1.0 and 1.1 in the system registry
  6. Restart the Bastion service or reboot the server

Edge servers

  1. Install or upgrade SQL Native Client to version 11.4.7001.0 or higher
  2. Open odbcad32 and create a SQL Native Client connection (for more information about this step, see below)
  3. Disable TLS 1.0 and 1.1 in the system registry
  4. Restart the SphereShield service or reboot the server
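
The registry step in the Bastion and Edge servers procedures above ("Disable TLS 1.0 and 1.1 from the system registry") can be scripted. The following PowerShell is an added example, not part of the original instructions or the vendor's tooling; it assumes the standard Windows SCHANNEL protocol keys, an elevated session, and a backup file name chosen here for illustration.

```powershell
# Added example: disable TLS 1.0/1.1 and enable TLS 1.2 in SCHANNEL, then report the result.
# Run from an elevated PowerShell session on the Bastion or Edge server.
$schannel = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL'
$base     = Join-Path $schannel 'Protocols'

# Keep a copy of the current settings so the change can be rolled back.
# The backup file name is an assumption made for this example.
$backup = Join-Path $env:TEMP 'schannel-before-tls12.reg'
reg.exe export 'HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL' $backup /y | Out-Null

# Desired state per protocol. SCHANNEL reads both DWORD values.
$desired = [ordered]@{
    'TLS 1.0' = @{ Enabled = 0; DisabledByDefault = 1 }
    'TLS 1.1' = @{ Enabled = 0; DisabledByDefault = 1 }
    'TLS 1.2' = @{ Enabled = 1; DisabledByDefault = 0 }
}

foreach ($proto in $desired.Keys) {
    # Server covers inbound connections, Client covers outbound ones (for example to SQL Server).
    foreach ($role in 'Server', 'Client') {
        $key = Join-Path $base "$proto\$role"
        if (-not (Test-Path $key)) {
            New-Item -Path $key -Force | Out-Null
        }
        foreach ($name in 'Enabled', 'DisabledByDefault') {
            New-ItemProperty -Path $key -Name $name -PropertyType DWord `
                -Value $desired[$proto][$name] -Force | Out-Null
        }
    }
}

# Read the values back so the change can be confirmed before restarting.
$report = foreach ($proto in $desired.Keys) {
    foreach ($role in 'Server', 'Client') {
        $p = Get-ItemProperty -Path (Join-Path $base "$proto\$role")
        [pscustomobject]@{
            Protocol          = $proto
            Role              = $role
            Enabled           = $p.Enabled
            DisabledByDefault = $p.DisabledByDefault
        }
    }
}
$report | Format-Table -AutoSize
```

Continue with the restart or reboot step of the procedure afterwards. To roll back, import the exported .reg file.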

SQL Database

  1. Make sure you have a SQL Server version that supports TLS 1.2 (How to check which version of SQL do I have?) (Which SQL versions support TLS 1.2?)
  2. Install ODBC 13 on the SQL server


How to "Open odbcad32 and create a SQL native client connection":

Open a Run window and run "odbcad32".
To create a new SQL Native Client connection, go to the "System DSN" tab and click "New".
In the "Create New Data Source" window, select "SQL Server Native Client 11.0" and click "Finish".
From there on it is straightforward: enter the name of the connection, a description and the server.
Note that you need to use SQL Server authentication, not integrated Windows authentication.

...