Configure StorageZone Controller for TLS v1.2 Inbound Connections

Due to known vulnerabilities in older SSL/TLS protocols, administrators are looking to limit inbound connections to StorageZone Controllers to TLS v1.2. The following steps provide guidance on setting up your StorageZone Controller to accept TLS v1.2 connections, as well as steps to configure ShareFile clients to communicate over TLS v1.2.

Support is available as of StorageZones Controller v4.0 or higher. Validation was performed with an external-facing NetScaler configured with TLS v1.2 only for inbound connections to the ContentSwitching vServer.

If protocols earlier than TLS v1.2 are disabled on the StorageZones Controller, all client software components that interact with the StorageZone must also support TLS v1.2. Windows sync clients require Microsoft .NET Framework 4.5.2 and registry updates to support TLS v1.2. Mac sync clients do not support TLS v1.2. See below for details on how to configure Windows sync machines to use TLS v1.2.

Setup – NetScaler Configuration

At the Content Switch Virtual Server, modify SSL Parameters and enable TLS v1.2. You can also disable all other protocols.


ShareFile Windows Client Configuration

Requirements:

  1. .NET 4.5.2 or higher
  2. The following registry key(s) must be applied to your Windows client operating system in order for the .NET applications to communicate over TLS v1.2 outbound. A client OS restart is required.

IMPORTANT: The following registry setting allows .NET 4.0 applications to use TLS v1.2. This setting will apply to all .NET 4 applications installed, so please use caution when applying to ensure there will be no impacts to any other applications.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]

"SchUseStrongCrypto"=dword:00000001

For 64-Bit systems, also include:

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319]

"SchUseStrongCrypto"=dword:00000001
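
The following PowerShell script is an added example, not part of the original article or of any Citrix tooling. It reports whether a Windows client meets both requirements above and changes the registry only when run with its own -Apply switch. It assumes an elevated session and that .NET 4.5.2 corresponds to a Release value of 379893 or higher under the NDP setup key; the -Apply switch and the variable names are defined by this example only.

```powershell
# Added example: audit the .NET and SchUseStrongCrypto prerequisites for TLS v1.2.
# Report-only by default; -Apply (a switch defined by this script) writes the values.
param([switch]$Apply)

# A 32-bit session on 64-bit Windows is redirected to Wow6432Node and would
# never see the native key, so refuse to run there.
if ($env:PROCESSOR_ARCHITEW6432) { throw 'Run this from a 64-bit PowerShell session.' }

# Requirement 1: .NET 4.5.2 or higher (Release DWORD 379893 and above).
$ndp     = 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full'
$release = (Get-ItemProperty -Path $ndp -ErrorAction SilentlyContinue).Release
$netOk   = ($release -ge 379893)

# Requirement 2: SchUseStrongCrypto = 1 in the native key and, on 64-bit
# systems, in the Wow6432Node key as well.
$keys = @('HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319')
if (Test-Path 'HKLM:\SOFTWARE\Wow6432Node') {
    $keys += 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319'
}

$changed = $false
$results = foreach ($key in $keys) {
    $value = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).SchUseStrongCrypto
    if ($value -ne 1 -and $Apply) {
        # This affects every .NET 4 application on the machine, as noted above.
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        New-ItemProperty -Path $key -Name SchUseStrongCrypto `
            -PropertyType DWord -Value 1 -Force | Out-Null
        $value   = (Get-ItemProperty -Path $key).SchUseStrongCrypto
        $changed = $true
    }
    New-Object PSObject -Property @{
        Key                = $key
        SchUseStrongCrypto = $value
        Compliant          = ($value -eq 1)
    }
}

".NET Framework Release = $release (4.5.2 or higher: $netOk)"
$results | Format-Table Key, SchUseStrongCrypto, Compliant -AutoSize
if ($changed) { 'Registry updated; restart the client OS for the change to take effect.' }

# A non-zero exit code lets a deployment tool flag non-compliant clients.
if (-not $netOk -or ($results | Where-Object { -not $_.Compliant })) { exit 1 }
```

Running it without -Apply first shows which machines still need the change before any .NET 4 application on them is affected.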

Tested Windows Operating Systems

  1. Windows 7 32-bit/64-bit
  2. Windows 8.1 32-bit/64-bit
  3. Windows 10 32-bit/64-bit

Tested Windows Clients

  1. ShareFile Sync Client for Windows
  2. ShareFile Outlook Plugin
  3. ShareFile Desktop App
  4. ShareFile Drive Mapper
  5. ShareFile PowerShell client

Tested ShareFile Mobile Clients

  1. iOS 8/9
  2. Windows 10 Metro
  3. Android 4.4.2, 5.0.2, 6

Tested Web Browsers

  1. IE 10 / 11 / Edge
  2. Chrome
  3. Firefox
  4. Safari

NetScaler Tested

  1. NetScaler 11.0 63.16


Not Supported

  1. ShareFile Sync for Mac
  2. Windows 8.1 Metro
  3. SFCLI
