Solved

Google Chrome: SSLVersionMin no longer supported? Why? How to enforce TLS 1.1 and up only.

Posted on 2016-09-16
Last Modified: 2016-10-05
Hey,

Wondering why these two features were removed from Chrome deployments.
I am trying to set the minimum level of TLS to v1.1 due to security reasons.

We have tried several methods but none of them work.
- using the policy adm/adml file from the download package, https://support.google.com/chrome/a/answer/187202#windows with https://dl.google.com/dl/edgedl/chrome/policy/policy_templates.zip, using SSLVersionMin and SSLVersionFallbackMin.

- using --ssl-version-min=tls1.1 - I am assuming that this setting does what the above does.

- we ultimately tried forcing the OS setting via the registry, but Chrome still used TLS 1.0 once run against https://www.ssllabs.com/ssltest/viewMyClient.html
REG ADD "HKLM\System\CurrentControlSet\Control\SecurityProviders\SChannel\Protocols\TLS 1.0\Server" /v Enabled /t REG_DWORD /d 0 /f
REG ADD "HKLM\System\CurrentControlSet\Control\SecurityProviders\SChannel\Protocols\TLS 1.0\Client" /v Enabled /t REG_DWORD /d 0 /f
REG ADD "HKLM\System\CurrentControlSet\Control\SecurityProviders\SChannel\Protocols\TLS 1.0\Server" /v DisabledByDefault /t REG_DWORD /d 1 /f
REG ADD "HKLM\System\CurrentControlSet\Control\SecurityProviders\SChannel\Protocols\TLS 1.0\Client" /v DisabledByDefault /t REG_DWORD /d 1 /f

Any other ways?

Thanks
Chris
Question by:r4kieta
LVL 63

Accepted Solution

by:
btan earned 500 total points (awarded by participants)
ID: 41802507
Try the iiscrypto tool to set your desired crypto. This sets the OS level.

http://www.tecklyfe.com/configure-iis-ssltls-protocol-cipher-best-practices/

For Chrome, the level is done via setting the command-line options:
--ssl-version-max
Specifies the maximum SSL/TLS version ("ssl3", "tls1", "tls1.1", or "tls1.2").
--ssl-version-min       
Specifies the minimum SSL/TLS version ("ssl3", "tls1", "tls1.1", or "tls1.2").

As explained in https://productforums.google.com/forum/m/#!topic/chrome/mE-KUuYBkSU

You may test the TLS compatibility of unsupported web browsers by visiting https://www.howsmyssl.com.

Also have your IE set to enable TLS 1.1 and 1.2, though it should matter but may affect, and it is good to see if this setting is correct with the online SSL Labs test:
1. Starting in Internet Explorer 10, click Tools > Internet Options.
The Tools menu can sometimes be seen as a gear icon.
2. Click the Advanced tab.
3. In the Security area, select Use TLS 1.1 and Use TLS 1.2.
4. Click OK to save your changes.

Reboot machine.
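
A read-only check of the settings tried in this thread, as an added example that is not part of the original posts: it reports the SChannel values written by the REG ADD commands and whether SSLVersionMin, SSLVersionFallbackMin or --ssl-version-min is actually present for Chrome. Chrome negotiates TLS with its own bundled library rather than SChannel, so the two are listed separately; the policy path HKLM:\SOFTWARE\Policies\Google\Chrome and the function names are assumptions not taken from the page.

```powershell
# Added example: audits the TLS settings discussed in this thread. Changes nothing.
$schannel     = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SChannel\Protocols'
$chromePolicy = 'HKLM:\SOFTWARE\Policies\Google\Chrome'   # assumed machine policy location

function Get-RegValue([string]$Path, [string]$Name) {
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

function Get-SchannelState([string]$Protocol, [string]$Role) {
    $key     = Join-Path $schannel "$Protocol\$Role"
    $enabled = Get-RegValue $key 'Enabled'
    $dbd     = Get-RegValue $key 'DisabledByDefault'
    # Missing values mean the OS default applies, which differs between Windows versions.
    if ($null -eq $enabled -and $null -eq $dbd) { $state = 'not set (OS default)' }
    elseif ($enabled -eq 0)                     { $state = 'disabled' }
    elseif ($dbd -eq 1)                         { $state = 'disabled by default' }
    else                                        { $state = 'enabled' }
    [pscustomobject]@{ Protocol = $Protocol; Role = $Role; Enabled = $enabled
                       DisabledByDefault = $dbd; State = $state }
}

function Get-ChromeTlsSettings {
    foreach ($name in 'SSLVersionMin', 'SSLVersionFallbackMin') {
        [pscustomobject]@{ Source = 'policy'; Setting = $name
                           Value = (Get-RegValue $chromePolicy $name) }
    }
    # The switch only counts if the running browser process was started with it.
    # Child processes carry --type=..., so they are skipped. CommandLine may be
    # empty for other users' processes unless this runs elevated.
    Get-CimInstance Win32_Process -Filter "Name='chrome.exe'" |
        Where-Object { $_.CommandLine -notmatch '--type=' } |
        ForEach-Object {
            $min = $null
            if ($_.CommandLine -match '--ssl-version-min=([\w.]+)') { $min = $Matches[1] }
            [pscustomobject]@{ Source = "pid $($_.ProcessId)"
                               Setting = '--ssl-version-min'; Value = $min }
        }
}

$rows = foreach ($p in 'TLS 1.0', 'TLS 1.1', 'TLS 1.2') {
    foreach ($r in 'Client', 'Server') { Get-SchannelState $p $r }
}
$rows | Format-Table -AutoSize
Get-ChromeTlsSettings | Format-Table -AutoSize
```

An empty Value on a browser process row means that instance was launched without the switch, which happens when a new launch is handed to a Chrome process that was already running.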
LVL 63

Expert Comment

by:btan
ID: 41829543
As per advised.