Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

Applications that rely on TLS 1.2 strong encryption experience connectivity failures after a Windows upgrade


View products that this article applies to.

This article also applies to the following:

  • Microsoft .NET Framework 3.5

↑ Back to the top


Summary

Customers who run .NET Framework applications that rely on Transport Layer Security (TLS) 1.2, such as Intuit QuickBooks Desktop, may experience connectivity failures after they upgrade their system to a newer version of Windows.

↑ Back to the top


Symptoms

Consider the following scenario:

In this scenario, you observe connectivity failures after the upgrade. The failures may include, but are not limited to, the following exception message and inner exception message:

↑ Back to the top


Cause

This problem occurs because the SchUseStrongCrypto flag is not preserved throughout the Windows upgrade process.

↑ Back to the top


Workaround

To work around this problem, use one of the following methods.

Workaround 1

Re-enable TLS 1.2 support as a machine-wide default protocol by setting the SchUseStrongCrypto registry key flag that has a DWORD value of 1, as follows:

HKEY_LOCAL_MACHINE\SOFTWARE\[Wow6432Node\]Microsoft\.NETFramework\<VERSION>: SchUseStrongCrypto

Note You must add "[Wow6432Node\]"if the application runs as a 32-bit process on a 64-bit operating system, and set <VERSION>to either v4.0.30319 (for .NET Framework 4 and later versions) or v2.0.50727 (for .NET Framework 3.5).

Workaround 2

Enable TLS 1.2 support for your particular application (not machine-wide) by using an AppContext switch in the "<runtime>" section of your config file, as follows:

<runtime>

<AppContextSwitchOverrides value="Switch.System.Net.DontEnableSchUseStrongCrypto=false" />

</runtime>

Note By using this switch, you you can avoid this problem from recurring in future Windows upgrades because the setting will be correctly persisted.

↑ Back to the top


Status

Microsoft has now resolved this issue for some devices. An update is available on Microsoft’s Update Catalog as of August 16, 2018 for those customers who have Intuit QuickBooks installed.

These customers may also check for updates on Windows Update by going to Settings > Update & Security > Windows Update and selecting Check for updates.

For devices that do not have Intuit QuickBooks installed and who are experiencing this issue:  Microsoft is working on a resolution and will provide an update in an upcoming release. 

 

↑ Back to the top


Keywords: kbprb, kbsurveynew

↑ Back to the top

Article Info
Article ID : 4458166
Revision : 15
Created on : 8/17/2018
Published on : 8/17/2018
Exists online : False
Views : 119