Overview
This article describes how to check which TLS versions are in use and how to change them. The registry is the base level for these settings.
Solution
There are four places in the registry where the TLS versions in use can be checked: Client, Server, 32-bit .NET and 64-bit .NET. The example below is for TLS 1.2.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client]
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]
Each registry key has some values. For the Server and Client keys they are fairly self-explanatory, as seen below. Each DWORD value is either 1 (enabled) or 0 (disabled). In the example below the setting is enabled.
"Enabled"=dword:00000001
"DisabledByDefault"=dword:00000000
For .NET the principle is the same, though the values are less obvious. A value of 1 enables TLS 1.2 and higher, and 0 is used for lower TLS versions. In the example below the system uses TLS 1.2 or higher.
"SystemDefaultTlsVersions"=dword:00000001
"SchUseStrongCrypto"=dword:00000001
Below is an example of a setup that has TLS 1.2 enabled and TLS 1.1 and 1.3 disabled. There is no 1.1 or 1.3 key. The same could be accomplished by adding those keys with Enabled set to 0 and DisabledByDefault set to 1.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client]
"Enabled"=dword:00000001
"DisabledByDefault"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server]
"Enabled"=dword:00000001
"DisabledByDefault"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319]
"SystemDefaultTlsVersions"=dword:00000001
"SchUseStrongCrypto"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]
"SystemDefaultTlsVersions"=dword:00000001
"SchUseStrongCrypto"=dword:00000001
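A read-only PowerShell check of the registry locations listed above, added here as an example (it is not M-Files or Microsoft code, and the variable names are this example's own). It also looks for TLS 1.1 and TLS 1.3 keys and compares every value with the example configuration in this article. Run it in a 64-bit PowerShell session so that the WOW6432Node path is read as written.

```powershell
# Added example: report the TLS-related registry values described in this article.
# Nothing is modified; missing keys or values are shown as "(not set)".
$protocols = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'

$targets = @(
    # SCHANNEL Client/Server keys for each protocol version mentioned in the article
    foreach ($version in 'TLS 1.1', 'TLS 1.2', 'TLS 1.3') {
        foreach ($role in 'Client', 'Server') {
            @{ Path = "$protocols\$version\$role"; Names = 'Enabled', 'DisabledByDefault' }
        }
    }
    # 64-bit and 32-bit .NET Framework keys
    foreach ($root in 'HKLM:\SOFTWARE\Microsoft', 'HKLM:\SOFTWARE\WOW6432Node\Microsoft') {
        @{ Path = "$root\.NETFramework\v4.0.30319"; Names = 'SystemDefaultTlsVersions', 'SchUseStrongCrypto' }
    }
)

# Values from the article's example setup (TLS 1.2 keys and .NET keys)
$example = @{ Enabled = 1; DisabledByDefault = 0; SystemDefaultTlsVersions = 1; SchUseStrongCrypto = 1 }

$report = foreach ($target in $targets) {
    # Returns $null when the key does not exist or holds no values
    $key = Get-ItemProperty -LiteralPath $target.Path -ErrorAction SilentlyContinue

    foreach ($name in $target.Names) {
        $present = ($null -ne $key) -and ($null -ne $key.PSObject.Properties[$name])
        $actual  = if ($present) { $key.$name } else { '(not set)' }

        # The article's example has no TLS 1.1 or TLS 1.3 keys at all
        $wanted  = if ($target.Path -match 'TLS 1\.[13]\\') { '(not set)' } else { $example[$name] }

        [pscustomobject]@{
            Key            = $target.Path
            Name           = $name
            Actual         = $actual
            ArticleExample = $wanted
            Match          = ("$actual" -eq "$wanted")
        }
    }
}

$report | Format-Table -AutoSize -Wrap
```

Rows with Match set to False are the ones to review against the intended configuration before making any registry change.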
Reference Documents
Transport Layer Security (TLS) registry settings | Microsoft Learn
Azure AD TLS 1.0 and 1.1 Error: "Silent Microsoft authentication failed" (site.com)
Notes
- The registry keys above depend on the OS and M-Files does not control them.
- M-Files cannot guarantee the correctness and completeness of these examples in the future, nor the availability and content of the third party article linked above.
- Often, an OS restart is needed for a change in these settings to take effect.
