Call Savance Workplace Call Us: (248) 478-2555

Support Suite

User Login



 

Main

Knowledgebase: EIOBoard Server
Disabling TLS 1.0 in IIS - TLS 1.0 no longer supported
Posted by Travis Fleenor on 04 February 2019 04:13 PM

Disabling TLS 1.0 on the Server

The easiest, most effective and least disruptive way to do this is to disable TLS 1.0 for all .NET operations on the server in question. This way, if there are other services that depend on TLS 1.0 running on the server, you'll be able to continue using them as long as they do not use .NET. These registry keys will prevent .NET from using TLS 1.0, system wide on the server.

To do this, first open regedit and back up your registry, to safeguard against any unforeseen issues due to the registry change. Press windows key+r to open the run command. Type regedit and hit enter. Click on Computer. Then go to File-->Export and export the registry to somewhere you can easily find it. This will be a full back up of all registry keys on the machine.

 

Next, open a new text file in note pad and paste the following text into it

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319]
"SchUseStrongCrypto"=dword:00000001


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]
"SchUseStrongCrypto"=dword:00000001

 

Go to file Save and in the save window set the file type to All Files (*.*). Then save the file as TLSChange.reg.

 

After the file is saved it should look like this in windows explorer.

If file extensions are not displayed it should look like this. The important thing is that the system recognizes the file contains registry entries

After saving, double click on the file to import the registry entries to the machine. you will be asked to allow RegEdit to make changes to the machine. Then this window will display. Click yes


You can also make these registry edits manually if you prefer, but if the keys do not already exist, you will need to create them.

Once these are added, you may need to restart the server. Then that's it. your Brivo integration will now be able to work properly with Brivo's TLS 1.2 requirement.

 

 

According to communication we received from Brivo in January 2019 -

All Brivo API customers MUST take the necessary steps to review and eliminate any dependency on SSL and TLS 1.0 no later than January 31, 2019 as API calls over TLS 1.0 connections will no longer be supported by Brivo after that date.

If your organization is running an EIOBoard on-prem installation with a Brivo PACSI (Physical Access Control System Integration) you will need to disable TLS 1.0 on your EIOBoard server.