Solved

Google Chrome o      SSLVersionMin no longer supported? Why? how to enforce TLS 1.1 and up only.

Posted on 2016-09-16
2
54 Views
Last Modified: 2016-10-05
Hey,

Wandering why these two features were removed from chrome deployments.
I am trying to set the minimum level of TLS to v1.1 due to security reasons.

We have tried several methods but none of them work.
- using policy adm adml file from the download package. https://support.google.com/chrome/a/answer/187202#windows with https://dl.google.com/dl/edgedl/chrome/policy/policy_templates.zip using
SSLVersionMin and SSLVersionFallbackMin.

- using –ssl-version-min=tls1.1 - i am assuming that this setting does what above does.

- we ultimatelly tried forcing OS setting via registry, but chrome still used TLS 1.0 once run against https://www.ssllabs.com/ssltest/viewMyClient.html
REG ADD "HKLM\System\CurrentControlSet\Control\SecurityProviders\SChannel\Protocols\TLS 1.0\Server" /v Enabled /t REG_DWORD /d 0 /f
REG ADD "HKLM\System\CurrentControlSet\Control\SecurityProviders\SChannel\Protocols\TLS 1.0\Client" /v Enabled /t REG_DWORD /d 0 /f
REG ADD "HKLM\System\CurrentControlSet\Control\SecurityProviders\SChannel\Protocols\TLS 1.0\Server" /v DisabledByDefault /t REG_DWORD /d 1 /f
REG ADD "HKLM\System\CurrentControlSet\Control\SecurityProviders\SChannel\Protocols\TLS 1.0\Client" /v DisabledByDefault /t REG_DWORD /d 1 /f

Any other ways?

Thanks
Chris
0
Comment
Question by:r4kieta
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
2 Comments
 
LVL 64

Accepted Solution

by:
btan earned 500 total points (awarded by participants)
ID: 41802507
Try iiscrypto tool to set toyour desired crypto. This set the OS level.

http://www.tecklyfe.com/configure-iis-ssltls-protocol-cipher-best-practices/

For Chrome, the level is done via setting the command-line options:
--ssl-version-max
Specifies the maximum SSL/TLS version ("ssl3", "tls1", "tls1.1", or "tls1.2").
--ssl-version-min       
Specifies the minimum SSL/TLS version ("ssl3", "tls1", "tls1.1", or "tls1.2").

Ad explained in https://productforums.google.com/forum/m/#!topic/chrome/mE-KUuYBkSU

You may test the TLS compatibility of unsupported web browsers by visiting https://www.howsmyssl.com.

Also have your IE set to enable TLS 1.1 and 1.2 though it ahould matter but may affect and good to see if this setting is correct with the online test with ssl lab test:
1. Starting in Internet Explorer 10, click Tools > Internet Options.
The Tools menu can sometimes be seen as a gear icon.
2. Click the Advanced tab.
3. In the Security area, select Use TLS 1.1 and Use TLS 1.2.
4. Click OK to save your changes.

Reboot machine.
0
 
LVL 64

Expert Comment

by:btan
ID: 41829543
As per advised.
0

Featured Post

SharePoint Admin?

Enable Your Employees To Focus On The Core With Intuitive Onscreen Guidance That is With You At The Moment of Need.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

There’s a good reason for why it’s called a homepage – it closely resembles that of a physical house and the only real difference is that it’s online. Your website’s homepage is where people come to visit you. It’s the family room of your website wh…
In threads here at EE, each comment has a unique Identifier (ID). It is easy to get the full path for an ID via the right-click context menu. However, we often want to post a short link within a thread rather than the full link. This article shows a…
This Micro Tutorial will demonstrate how nuggets on the Web are formatted by using Chrome Developer Tools. These tools would not only view the site's CSS but it can also modify it and save the CSS to use on your own site.
This Micro Tutorial demonstrates the importance of annotations in Google Analytics and how they should be used to document changes made to a site, Google updates (Ex: Panda & Penguin), marketing campaigns, and any other events that might have contri…

630 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question