Enhancing security, the customer aims to enforce TLS 1.1 and 1.2 for MFD-YSoft SafeQ communication.
Applies to YSoft SafeQ 5 and YSoft SafeQ 6.
The customer wants to improve security by enforcing the TLS 1.1 and 1.2 for the communication between the MFD and YSoft SafeQ.
The security protocol for incoming connections to YSoft SafeQ Terminal Server is inherited from the settings of the operating system. Terminal Server binds the lowest support security protocol allowed in the system.
The security protocol for outgoing connections from YSoft SafeQ Terminal Server is based on multiple factors (such as operating system, .Net version) and required version can be set using a system parameter securityProtocolTypesForOutboundCommunication .
- To force Terminal Server to use TLS 1.1/TLS1.2 for outgoing connections (e.g. when connecting to the MFD), change the value of parameter securityProtocolTypesForOutboundCommunication (expert view within System Settings on the YSoft SafeQ management interface) to: Tls11, Tls12
- To force Terminal Server to allow only security protocol TLS 1.1/TLS 1.2 for incoming connections it is necessary to update operating system configuration. See below instructions on how to do it:
- Create TLS.reg file with the following content below
- Upload the file to the server where an affected Terminal Server runs
Restart the server where the file was appliedtls.reg
Note: we recommend to review this change with the administrator of the customer, the change in the registry might be overridden for example by the domain policy
Windows Registry Editor Version 5.00
The additional information for other YSoft SafeQ components can be found in the documentation.