Gen EDGE


  • 1.  How to initiate a TLS 1.2 connection to external vendor from a GUI client?

    Posted 6 hours ago

    We are trying to initiate a TLS 1.2 connection to an external vendor from a GUI client and are failing. The Wireshark trace indicates that we are sending a TLS 1.0 HELLO. How can we specify TLS 1.2 instead? The interface is provided by a COM DLL provided by the vendor.
    Following is a code snippet which shows our Gen AB creating the GUI object (which is failing).
    __________________________________
    1 ! NOTE
    1 ! ======================================================================
    1 ! Description..: Communicates with external vendor application. This is
    1 ! done through a trigger DLL which is a COM object that
    1 ! will act as the bridge between GUI Client and external vendor.
    1 ! It is responsible for waking the Processing module,
    1 ! transmitting the required keywords and resetting the
    1 ! Processing module when a transaction is complete.
    1 ! ======================================================================
    2 !
    3 ! EXIT STATE IS processing_ok
    4 !
    5 ! +-- CASE OF in_com interface_com_area com_method
    5 ! --- CASE "SCAN"
    6 ! !
    7 ! ! NOTE
    7 ! ! ======================================================================
    7 ! ! Scan. Create Object.  The Create is what is failing because of TLS V1.
    7 ! ! ======================================================================
    8 ! !
    9 ! ! SET lcl interface_com_area com_object TO CreateObject ( "Ext.Vendor.Com.Interop.Interface" )

    From the trace:

    From your screenshot, this stands out to me.

    TLS v1 is not usually supported in newer applications



    ------------------------------
    Doug Seaver
    Systems Development Services Specialist
    Gen Tool Support
    WisDOT
    Madison, WI, USA
    ------------------------------


  • 2.  RE: How to initiate a TLS 1.2 connection to external vendor from a GUI client?

    Broadcom Employee
    Posted 3 hours ago

    Hi Doug,

    I am guessing that your system might be defaulting to TLS 1.0. To enable modern TLS versions (like TLS 1.2 and TLS 1.3), you'll need to update your Windows Registry settings for Secure Channel (Schannel).

    Schannel is the component Windows uses for secure communications, and configuring its protocols in the registry provides fine-grained control over how your client and server applications negotiate TLS connections.

    Steps to Configure Schannel Protocols:

    1. Navigate to the following registry key:
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols
    2. Under this Protocols key, you can create (or modify existing) subkeys for the desired TLS versions, such as TLS 1.2 and TLS 1.3.
    3. Within each TLS version subkey, you can further create Client and/or Server subkeys depending on whether you want to control client-side or server-side behavior.
    4. Inside these Client and Server subkeys, create two DWORD (32-bit) values:
      • DisabledByDefault (set to 0 to enable, 1 to disable)
      • Enabled (set to 1 to enable, 0 to disable)

    For detailed instructions and best practices on securing TLS configurations, please refer to these official Microsoft resources:

    Let me know if this helps,

    Amit

    -------------------------------------------
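    As an added example (not code from this thread or from Gen), the following PowerShell applies the Schannel steps in the answer above for the client side and then reports the state of each client protocol key; the function names and the $base variable are my own choices, and the script assumes an elevated prompt.

    ```powershell
    # Added example: enable TLS 1.2 for outbound (client) Schannel connections
    # and report the resulting state. Assumes an elevated PowerShell session.
    # Schannel reads these keys at boot, so reboot after changing them.
    $base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'

    function Set-SchannelProtocol {
        param(
            [Parameter(Mandatory)][string]$Protocol,                            # e.g. 'TLS 1.2'
            [Parameter(Mandatory)][ValidateSet('Client','Server')][string]$Side,
            [Parameter(Mandatory)][bool]$Enable
        )
        $key = Join-Path (Join-Path $base $Protocol) $Side
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        # Both values are REG_DWORD. Enabled=1 plus DisabledByDefault=0 turns the
        # version on; Enabled=0 plus DisabledByDefault=1 turns it off.
        New-ItemProperty -Path $key -Name 'Enabled' -PropertyType DWord `
            -Value ([int]$Enable) -Force | Out-Null
        New-ItemProperty -Path $key -Name 'DisabledByDefault' -PropertyType DWord `
            -Value ([int](-not $Enable)) -Force | Out-Null
    }

    function Get-SchannelProtocolState {
        param([string]$Protocol, [string]$Side)
        $key = Join-Path (Join-Path $base $Protocol) $Side
        if (-not (Test-Path $key)) { return 'not configured (OS default applies)' }
        $p = Get-ItemProperty -Path $key
        if ($null -eq $p.Enabled -or $null -eq $p.DisabledByDefault) {
            return 'partially configured (one of the two DWORDs is missing)'
        }
        # Some tools write Enabled as 0xFFFFFFFF rather than 1, so test for non-zero.
        if ($p.Enabled -ne 0 -and $p.DisabledByDefault -eq 0) { 'enabled' } else { 'disabled' }
    }

    # Turn on TLS 1.2 for client-side negotiation (the GUI client's outbound call).
    Set-SchannelProtocol -Protocol 'TLS 1.2' -Side Client -Enable $true

    # Verify: list the client-side state of every TLS version. Disabling the older
    # versions with -Enable $false is machine-wide and affects every application.
    foreach ($proto in 'TLS 1.0', 'TLS 1.1', 'TLS 1.2', 'TLS 1.3') {
        '{0,-8} Client: {1}' -f $proto, (Get-SchannelProtocolState -Protocol $proto -Side Client)
    }
    ```

    After the reboot, a fresh Wireshark capture of the CreateObject call should show a TLS 1.2 ClientHello if the vendor DLL defers to Schannel.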