r4kieta
asked on
Google Chrome o SSLVersionMin no longer supported? Why? how to enforce TLS 1.1 and up only.
Hey,
Wandering why these two features were removed from chrome deployments.
I am trying to set the minimum level of TLS to v1.1 due to security reasons.
We have tried several methods but none of them work.
- using policy adm adml file from the download package. https://support.google.com/chrome/a/answer/187202#windows with https://dl.google.com/dl/edgedl/chrome/policy/policy_templates.zip using
SSLVersionMin and SSLVersionFallbackMin.
- using –ssl-version-min=tls1.1 - i am assuming that this setting does what above does.
- we ultimatelly tried forcing OS setting via registry, but chrome still used TLS 1.0 once run against https://www.ssllabs.com/ssltest/viewMyClient.html
REG ADD "HKLM\System\CurrentContro lSet\Contr ol\Securit yProviders \SChannel\ Protocols\ TLS 1.0\Server" /v Enabled /t REG_DWORD /d 0 /f
REG ADD "HKLM\System\CurrentContro lSet\Contr ol\Securit yProviders \SChannel\ Protocols\ TLS 1.0\Client" /v Enabled /t REG_DWORD /d 0 /f
REG ADD "HKLM\System\CurrentContro lSet\Contr ol\Securit yProviders \SChannel\ Protocols\ TLS 1.0\Server" /v DisabledByDefault /t REG_DWORD /d 1 /f
REG ADD "HKLM\System\CurrentContro lSet\Contr ol\Securit yProviders \SChannel\ Protocols\ TLS 1.0\Client" /v DisabledByDefault /t REG_DWORD /d 1 /f
Any other ways?
Thanks
Chris
Wandering why these two features were removed from chrome deployments.
I am trying to set the minimum level of TLS to v1.1 due to security reasons.
We have tried several methods but none of them work.
- using policy adm adml file from the download package. https://support.google.com/chrome/a/answer/187202#windows with https://dl.google.com/dl/edgedl/chrome/policy/policy_templates.zip using
SSLVersionMin and SSLVersionFallbackMin.
- using –ssl-version-min=tls1.1 - i am assuming that this setting does what above does.
- we ultimatelly tried forcing OS setting via registry, but chrome still used TLS 1.0 once run against https://www.ssllabs.com/ssltest/viewMyClient.html
REG ADD "HKLM\System\CurrentContro
REG ADD "HKLM\System\CurrentContro
REG ADD "HKLM\System\CurrentContro
REG ADD "HKLM\System\CurrentContro
Any other ways?
Thanks
Chris
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
As per advised.