RE: How can I shut down TLS 1.0 in RMS 2.0.2000

Ok, here is what I've figured out so far by trial and error and it now works: (be aware, I'm an amateur)

The newer version of the RR software did fix the Retail Realm issue, but some other things need to be setup before TLS 1.0 is disabled enough to allow Genius machine to work.

A number of patches will have to be installed:

Depending on your SQL version you will probably have to patch it to enable TLS 1.1 and TLS 1.2. Older versions don't support TLS 1.1 or 1.2.

The Native Client component may also have to be patched for the same reason

OLE DB may need to be patch also (same reasons).

Registry changes:

Windows 7 - Server computer: Add the following keys to the registry:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client

add Dword "DisabledByDefault" value = 1

add Dword "Enabled" value = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server

add Dword "DisabledByDefault" value = 1

Windows 7 Client Computers: Add the following keys to the registry:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client

add Dword "DisabledByDefault" value = 1

All Windows 7 computers: Add the following keys to the registry (TLS 1.1 keys may not be necessary though they won't hurt either):

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client

add Dword "DisabledByDefault" value = 0

add Dword "Enabled" value = 1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server

add Dword "DisabledByDefault" value = 0

add Dword "Enabled" value = 1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client

add Dword "DisabledByDefault" value = 0

add Dword "Enabled" value = 1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server

add Dword "DisabledByDefault" value = 0

add Dword "Enabled" value = 1

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp

add Dword "DefaultSecureProtocols" value = 2560 decimal (this allows both TLS 1.1 and TLS 1.2 to be the defaults)

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp

add Dword "DefaultSecureProtocols" value = 2560 decimal (this allows both TLS 1.1 and TLS 1.2 to be the defaults)

I'm sure I've missed something, but I believe those were the steps I made to get things to work on Windows 7. I'm now setting up Windows 10 on all my computers and going through a similar process. I've got it working on Win10 machines but I can't access the database in RMS from the server computer itself. just from other client machines. I believe it is because the SQL server is not only a server, but also a client to TSYS (Genius device processor).

Nathan Jung