Adding TLS 1.2 to your Server - Required for the 3.11.10.5 Update

TLS 1.1 and TLS 1.2 must be enabled, and TLS 1.2 must be selected as the default secure protocol, on the FOS server for the new e-APIS REST connection.

Add support for TLS 1.1 & TLS 1.2 in Windows Server 2008
To run this update on Windows Server 2008, you must have Windows Server 2008 SP2 installed.
You must restart the computer after you apply these updates.

How to enable TLS 1.1 and TLS 1.2
Note: For TLS 1.1 and TLS 1.2 to be enabled and negotiated, you must create the DisabledByDefault DWORD entry in the appropriate subkey (Client, Server), and then change the DWORD value to 0.
By default, this entry does not exist in the registry.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2

TLS 1.2 subkey table

Subkey               Description                                  Default
Client               Controls the use of TLS 1.2 on the client    Enabled
Server               Controls the use of TLS 1.2 on the server    Enabled
DisabledByDefault    Flag to disable TLS 1.2 by default           Enabled


Set TLS 1.2 as the default secure protocol
Applications and services that are written by using WinHTTP for Secure Sockets Layer (SSL) connections can't use TLS 1.1 or TLS 1.2 protocols.
This update adds support for DefaultSecureProtocols registry entry that allows the system administrator to specify which SSL protocols should be used by default.
This can allow certain applications that were built to use the WinHTTP default flag to be able to leverage the newer TLS 1.2 or TLS 1.1 protocols natively without any need for updates to the application.
This update requires that the Secure Channel (SCHANNEL) component be configured to support TLS 1.1 and 1.2. As these protocol versions are not enabled by default in Windows 7 and Windows Server 2008, you must configure the registry settings to ensure applications can successfully use TLS 1.1 and 1.2.
This update will not change the behavior of applications that set the secure protocols manually instead of passing the default flag.

The DefaultSecureProtocols registry entry can be added in the following path:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp

On x64-based computers, DefaultSecureProtocols must also be added to the Wow6432Node path:
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp

The registry value is a DWORD bitmap.

DefaultSecureProtocols Value    Protocol Enabled
0x00000008                      Enable SSL 2.0 by default
0x00000020                      Enable SSL 3.0 by default
0x00000080                      Enable TLS 1.0 by default
0x00000200                      Enable TLS 1.1 by default
0x00000800                      Enable TLS 1.2 by default

For example:
The administrator wants to override the default values for
WINHTTP_OPTION_SECURE_PROTOCOLS to specify TLS 1.1 and TLS 1.2.

Take the value for TLS 1.1 (0x00000200) and the value for TLS 1.2 (0x00000800), then add them together in Calculator (in Programmer mode). The resulting registry value is 0x00000A00.
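
The registry changes described above can be scripted. The following PowerShell is an added example, not part of the original article or of FOS. It assumes an elevated 64-bit PowerShell session and that the TLS 1.1 subkey sits beside the TLS 1.2 subkey shown earlier. It creates the DisabledByDefault entries, writes DefaultSecureProtocols to both WinHttp paths, then reads the value back and decodes the bitmap.

```powershell
# Added example: run elevated in 64-bit PowerShell, then restart the server.
$schannel = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'

# 1. SCHANNEL: create DisabledByDefault = 0 under Client and Server for each protocol.
foreach ($proto in 'TLS 1.1', 'TLS 1.2') {
    foreach ($role in 'Client', 'Server') {
        $key = "$schannel\$proto\$role"
        # Create only when missing, so values already in the key are left alone.
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        New-ItemProperty -Path $key -Name 'DisabledByDefault' -Value 0 `
            -PropertyType DWord -Force | Out-Null
    }
}

# 2. WinHTTP: build the DefaultSecureProtocols bitmap from the table above.
$bits = @{
    'SSL 2.0' = 0x008; 'SSL 3.0' = 0x020; 'TLS 1.0' = 0x080
    'TLS 1.1' = 0x200; 'TLS 1.2' = 0x800
}
$wanted = $bits['TLS 1.1'] -bor $bits['TLS 1.2']   # TLS 1.1 + TLS 1.2 (0x00000A00)

$winHttp = @('HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp')
if (Test-Path 'HKLM:\SOFTWARE\Wow6432Node') {
    # x64 only: 32-bit applications read the Wow6432Node copy.
    $winHttp += 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp'
}
foreach ($key in $winHttp) {
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    New-ItemProperty -Path $key -Name 'DefaultSecureProtocols' -Value $wanted `
        -PropertyType DWord -Force | Out-Null
}

# 3. Verify: read each value back and list the protocols its bits enable.
foreach ($key in $winHttp) {
    $value = (Get-ItemProperty -Path $key -Name 'DefaultSecureProtocols').DefaultSecureProtocols
    $enabled = $bits.Keys | Where-Object { $value -band $bits[$_] } | Sort-Object
    '{0}: 0x{1:X8} -> {2}' -f $key, $value, ($enabled -join ', ')
    if ($value -band ($bits['SSL 2.0'] -bor $bits['SSL 3.0'])) {
        Write-Warning "SSL 2.0/3.0 is enabled by default in $key"
    }
}
```

Step 3 can be run on its own afterwards to audit a server without changing it.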

References
https://support.microsoft.com/en-us/help/4019276/update-to-add-support-for-tls-1-1-and-tls-1-2-in-windows
https://support.microsoft.com/en-us/help/3140245/update-to-enable-tls-1-1-and-tls-1-2-as-default-secure-protocols-in-wi
https://docs.microsoft.com/en-us/security/solving-tls1-problem