GroupWise 18.2.1 and later – cannot create Trusted Application key – TLS problem

[Support 2]

GroupWise 18.2.1 and later have dropped support for TLS 1.x, which Archive To Go defaults to when creating a GroupWise Trusted Application key when using the Archive To Go Systems editor.

The Problem

Applications compiled with the .Net Framework versions below 4.7 will default to a lower security level and not TLS 1.2. As the Advansys GroupWise REST Admin API targets .NET Framework 4.0.30319, it will not automatically select TLS 1.2, even though the application can support it. Our code does not explicitly set a security protocol version, which is best practice.

Work-around

A quick solution is to change two Windows Registry entries to force all .NET 4.0.30319 applications to use strong security. This approach will work for both Formativ Enterprise solutions and Archive To Go.

To force strong security, under the .NETFramework\v4.0.30319 entry, both keys, SystemDefaultTlsVersions and SchUseStrongCrypto need to be set to a DWORD value of 1 (the default is 0).

The Windows Registry entries are shown below in .REG file format.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319]
“SchUseStrongCrypto”=dword:00000001
“SystemDefaultTlsVersions”=dword:00000001

Do note that this will force strong security for all .NET Framework 4.0.30319 applications on the target workstation and we cannot know if there will be unintended consequences for older applications.

References

1. https://docs.microsoft.com/en-us/dotnet/framework/network-programming/tls
2. https://docs.microsoft.com/en-us/dotnet/framework/network-programming/tls#configuring-security-via-the-windows-registry

Topic