Question:
How can less secure versions of the SSL\TLS protocol (specifically SSL v3, TLS 1, and TLS 1.1) be disabled on SnapStream equipment?
Answer:
Since SnapStream uses IIS Web Server and Microsoft SQL Server, these applications can have SSL/TLS protocol restrictions enforced through Local or Group Policies. It is recommended to consult with your organization's Windows Administrators and Information Security team for the recommended Policy changes.
It is also possible to edit Windows Registry to disable SSL\TLS protocols. Please see the following link to MicroSoft documentation regarding appropriate Registry changes. Note that after making these changes, clients or PCs that don't explicitly have TLS 1.2 enabled, will be unable to connect with SnapStream.
https://docs.microsoft.com/en-us/windows-server/security/tls/tls-registry-settings#tls-10
Additional Notes:
It is possible that for older Versions of SnapStream, you will need to check the installed version of SQL Server Express and make sure it has been upgraded or patched to support TLS 1.2. The following MicroSoft KB has more information available on this concern:
https://support.microsoft.com/en-us/help/3135244/kb3135244-tls-1-2-support-for-microsoft-sql-server
It is highly recommended to consult with your organization's Information Security teams before implementing any Policies or Registry changes that will disable or restrict SSL\TLS protocols. This can have an unintended impact to network connections for SnapStream.
Applies to Version:
All versions