Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Google Chrome o      SSLVersionMin no longer supported? Why? how to enforce TLS 1.1 and up only.

Posted on 2016-09-16
2
Medium Priority
?
70 Views
Last Modified: 2016-10-05
Hey,

Wandering why these two features were removed from chrome deployments.
I am trying to set the minimum level of TLS to v1.1 due to security reasons.

We have tried several methods but none of them work.
- using policy adm adml file from the download package. https://support.google.com/chrome/a/answer/187202#windows with https://dl.google.com/dl/edgedl/chrome/policy/policy_templates.zip using
SSLVersionMin and SSLVersionFallbackMin.

- using –ssl-version-min=tls1.1 - i am assuming that this setting does what above does.

- we ultimatelly tried forcing OS setting via registry, but chrome still used TLS 1.0 once run against https://www.ssllabs.com/ssltest/viewMyClient.html
REG ADD "HKLM\System\CurrentControlSet\Control\SecurityProviders\SChannel\Protocols\TLS 1.0\Server" /v Enabled /t REG_DWORD /d 0 /f
REG ADD "HKLM\System\CurrentControlSet\Control\SecurityProviders\SChannel\Protocols\TLS 1.0\Client" /v Enabled /t REG_DWORD /d 0 /f
REG ADD "HKLM\System\CurrentControlSet\Control\SecurityProviders\SChannel\Protocols\TLS 1.0\Server" /v DisabledByDefault /t REG_DWORD /d 1 /f
REG ADD "HKLM\System\CurrentControlSet\Control\SecurityProviders\SChannel\Protocols\TLS 1.0\Client" /v DisabledByDefault /t REG_DWORD /d 1 /f

Any other ways?

Thanks
Chris
0
Comment
Question by:r4kieta
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
2 Comments
 
LVL 64

Accepted Solution

by:
btan earned 2000 total points (awarded by participants)
ID: 41802507
Try iiscrypto tool to set toyour desired crypto. This set the OS level.

http://www.tecklyfe.com/configure-iis-ssltls-protocol-cipher-best-practices/

For Chrome, the level is done via setting the command-line options:
--ssl-version-max
Specifies the maximum SSL/TLS version ("ssl3", "tls1", "tls1.1", or "tls1.2").
--ssl-version-min       
Specifies the minimum SSL/TLS version ("ssl3", "tls1", "tls1.1", or "tls1.2").

Ad explained in https://productforums.google.com/forum/m/#!topic/chrome/mE-KUuYBkSU

You may test the TLS compatibility of unsupported web browsers by visiting https://www.howsmyssl.com.

Also have your IE set to enable TLS 1.1 and 1.2 though it ahould matter but may affect and good to see if this setting is correct with the online test with ssl lab test:
1. Starting in Internet Explorer 10, click Tools > Internet Options.
The Tools menu can sometimes be seen as a gear icon.
2. Click the Advanced tab.
3. In the Security area, select Use TLS 1.1 and Use TLS 1.2.
4. Click OK to save your changes.

Reboot machine.
0
 
LVL 64

Expert Comment

by:btan
ID: 41829543
As per advised.
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Originally, this post was published on Monitis Blog, you can check it here . It goes without saying that technology has transformed society and the very nature of how we live, work, and communicate in ways that would’ve been incomprehensible 5 ye…
Dramatic changes are revolutionizing how we build and use technology. Every company is automating, digitizing, and modernizing operations. We need a better, more connected way to work together as teams so we can harness the insights from our system…
This Micro Tutorial demonstrates in Google Analytics how to create a custom report that shows you traffic over time using the month of year dimensions. There are also instructions on how to fix Google's odd month of year formatting, which Microsoft …
This Micro Tutorial demonstrates how to create custom reports and the secrets of determine the metrics and dimensions for your data that works best with your needs.
Suggested Courses

715 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question