Difference between revisions of "TLS 1.2 SHA-2 Compliance"

From Payment Processing Software Library
Jump to: navigation, search
(Windows 7 TLS 1.2 Setup)
(Windows 7 TLS 1.2 Setup)
 
(2 intermediate revisions by the same user not shown)
Line 5: Line 5:
 
<br>
 
<br>
 
<br>'''Windows XP, Server 2003, Vista, Server 2008 and below''' DO NOT SUPPORT TLS 1.2/SHA-2 and are NOT ALLOWED To be used in the payment processing environments
 
<br>'''Windows XP, Server 2003, Vista, Server 2008 and below''' DO NOT SUPPORT TLS 1.2/SHA-2 and are NOT ALLOWED To be used in the payment processing environments
*Windows 7 has TLS 1.2 disabled by default. See [[#Windows 7 TLS 1.2 Setup]] below for instructions
+
<br>'''Windows 7 and Windows Server 2008 R2''' have TLS 1.2/SHA-2 disabled by default.
*Windows Server 2008 R2 has TLS 1.2 disabled by default. See [[#Windows Server 2008 R2 Setup]] below for instructions
+
*To enable Windows 7 TLS 1.2 see [[#Windows 7 TLS 1.2 Setup]] below for instructions
 +
*To enable Windows Server 2008 R2 see [[#Windows Server 2008 R2 Setup]] below for instructions
  
 
The processors are discontinuing support for non TLS1.2 protocols. They are required to do so by the PCI council.   
 
The processors are discontinuing support for non TLS1.2 protocols. They are required to do so by the PCI council.   
Line 13: Line 14:
 
==Windows 7 TLS 1.2 Setup==
 
==Windows 7 TLS 1.2 Setup==
 
<pre>
 
<pre>
Windows 7 supports TLS 1.1 and TLS 1.2. However these protocol versions are not enabled on Windows 7 by default. On Windows 8 and higher the protocols are enabled by default. To enable TLS 1.1. and TLS 1.2 on Windows 7 add or change the following registry keys in Windows Registry Editor Version 5.00
+
Windows 7 supports TLS 1.1 and TLS 1.2. However these protocol versions are not enabled on Windows 7 by default.  
 +
On Windows 8 and higher the protocols are enabled by default.  
 +
To enable TLS 1.1. and TLS 1.2 on Windows 7 add or change the following registry keys in Windows Registry Editor Version 5.00
 +
Start the registry editor by clicking on Start and Run. Type in "regedit" into the Run field (without quotations).
  
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client]

Latest revision as of 20:36, 1 June 2017

This article is part of the
Payment Processing Software Library

Categories

Get it...

Credit Card Software
Download

Install it...

Installation
Upgrade & Migration

Connect to it...

Point Of Sale Integration

Set it up...

Quick Start Guide
Setup
Processor Setup

Licensing

Learn to use it...

Manual & User Guide
Knowledge Base
Frequently Asked Questions
Compliance Guide
Merchant Account Rates
User Interface Guides

Fix it...

Errors & Troubleshooting
Knowledge Base
Corrupted Install Repair

Get Help...

Contact
Processor Support Contacts

More Info ...

Glossary
Articles

See also...

911 Software
Help

CreditLine Payment Processing Software TLS 1.2 SHA-2 Compliance. This site can also be reached at http://docs.911software.com

Looking for better rates?   Get a Free Credit Card Processing Cost Comparison!

Windows Version Support

PCI Council requires all merchants, vendors and processors to support TLS 1.2/SHA-2.

Windows XP, Server 2003, Vista, Server 2008 and below DO NOT SUPPORT TLS 1.2/SHA-2 and are NOT ALLOWED To be used in the payment processing environments
Windows 7 and Windows Server 2008 R2 have TLS 1.2/SHA-2 disabled by default.

The processors are discontinuing support for non TLS1.2 protocols. They are required to do so by the PCI council.
If you are getting Transmission Error after an upgrade, update your Windows to a PCI and TLS1.2/SHA2 compliant version. This is an industry mandated change. If you need help with this, please call 813-600-3225.

Windows 7 TLS 1.2 Setup

Windows 7 supports TLS 1.1 and TLS 1.2. However these protocol versions are not enabled on Windows 7 by default. 
On Windows 8 and higher the protocols are enabled by default. 
To enable TLS 1.1. and TLS 1.2 on Windows 7 add or change the following registry keys in Windows Registry Editor Version 5.00
Start the registry editor by clicking on Start and Run. Type in "regedit" into the Run field (without quotations).

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client]
"DisabledByDefault"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server]
"DisabledByDefault"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client]
"DisabledByDefault"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server]
"DisabledByDefault"=dword:00000000

Windows Server 2008 R2 Setup

By default, Windows Server 2008 R2 does not have this feature enabled.  This KB article will describe the process to enable this.
Start the registry editor by clicking on Start and Run. Type in "regedit" into the Run field (without quotations).

Highlight Computer at the top of the registry tree.  Backup the registry first by clicking on File and then on Export.  Select a file location to save the registry file.

Note: You will be editing the registry.  This could have detrimental effects on your computer if done incorrectly, so it is strongly advised to make a backup.

Browse to the following registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols

Right click on the Protocols folder and select New and then Key from the drop-down menu. This will create new folder.  Rename this folder to TLS 1.2.

Right click on the TLS 1.2 key and add two new keys underneath it.

Rename the two new keys as:
Client
Server

Right click on the Client key and select New and then DWORD (32-bit) Value from the drop-down list.

Rename the DWORD to DisabledByDefault.

Right-click the name DisabledByDefault and select Modify... from the drop-down menu.

Ensure that the Value data field is set to 0 and the Base is Hexadecimal.  Click on OK.

Create another DWORD for the Client key as you did in Step 7.

Rename this second DWORD to Enabled.

Right-click the name Enabled and select Modify... from the drop-down menu.

Ensure that the Value data field is set to 1 and the Base is Hexadecimal. Click on OK.

Repeat steps 7 to 14 for the Server key (by creating two DWORDs, DisabledByDefault and Enabled, and their values underneath the Server key).

Reboot the server.
Your server should now support TLS 1.2.