Windows 2012 R2 and TLS 1.0

All about WTware on Raspberry. WTware works with Raspberry Pi 4, Raspberry Pi 3B+, Pi 3 and Pi 2 devices
http://www.winterminal.com
pls_it
Posts: 4
Joined: Wed Sep 14, 2016 10:40 pm

Windows 2012 R2 and TLS 1.0

Post by pls_it »

We are testing the use of a Raspberry Pi 3 as a thin client. If TLS 1.0 is disabled on the server then I cannot log on. If it is enabled I can log on. Our parent company's security expert is telling us that having TLS 1.0 enabled is a vulnerability. Below is part of the log file. Any suggestions?
Thanks

14-22-01-434| [ rdpclient 581] [ 21.652504] TCP: connecting to 10.180.xx.xx:3389.
14-22-01-434| [ rdpclient 581] [ 21.652597] TCP: connection with 10.180.xx.xx:3389 established.
14-22-01-434| [ rdpclient 581] [ 21.652637] Turn keepalive on.
14-22-01-434| [ rdpclient 581] [ 21.652928] Free ram after buffers allocation: 924016 KB.
14-22-01-434| [ gm] [ 21.674643] /graphic/ppllg.png: 32x38.
14-22-01-434| [ rdpclient 581] [ 33.480946] Reconnect with CredSSP enabled.
14-22-01-434| [ rdpclient 581] [ 33.481071] TCP: reconnecting to 10.180.xx.xx:3389.
14-22-01-434| [ rdpclient 581] [ 33.481571] TCP: connection with 10.180.xx.xx:3389 established.
14-22-01-434| [ rdpclient 581] [ 33.481658] Turn keepalive on.
14-22-01-434| [ rdpclient 581] [ 33.484855] CredSSP.
14-22-01-434| [ rdpclient 581] [ 33.498209] SSL_ERROR_SYSCALL
14-22-01-434| [ rdpclient 581] [ 33.498338] rdpclient-tcp.cpp ( 477): -- ERROR -- INTERNAL ERROR. Please, contact WTware tech support.
14-22-01-434| [ rdpclient 581] [ 33.498422] rdpclient-tcp.cpp ( 520): -- ERROR -- INTERNAL ERROR. Please, contact WTware tech support.
14-22-01-434| [ rdpclient 581] [ 33.498501] CredSSP connection failed.
14-22-01-434| [ pfac] [ 33.499432] Process pid 581 terminated, status 00000009.
14-22-01-434| [ gm] [ 33.508649] Final message: CredSSP connection failed.
14-22-01-434| [ gm] [ 33.513671] /graphic/exlm.png: 44x42.
aka
SUPPORT
Posts: 939
Joined: Fri Dec 03, 2004 2:05 pm

Re: Windows 2012 R2 and TLS 1.0

Post by aka »

Please tell me which server I should use and how I can disable TLS 1.0 to test it.
pls_it
Posts: 4
Joined: Wed Sep 14, 2016 10:40 pm

Re: Windows 2012 R2 and TLS 1.0

Post by pls_it »

Connect to a Windows 2012 R2 server. The TLS settings are in the registry. The server must be restarted after making changes.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols
Under Protocols are keys for TLS 1.0, TLS 1.1 and TLS 1.2.
TLS 1.2 may not exist.
Under each of those is a key for Client and Server. We are just concerned about the Server values.
For TLS 1.0\Server DisabledByDefault should have a value of 1 and Enabled = 0
For TLS 1.1\Server DisabledByDefault should have a value of 1 and Enabled = 0
For TLS 1.2\Server DisabledByDefault should have a value of 0 and Enabled = 1

If you need to add the keys for TLS 1.2, run the command prompt as administrator and execute the two commands below:
reg add "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server" /v Enabled /t REG_DWORD /d 0x1 /f
reg add "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server" /v DisabledByDefault /t REG_DWORD /d 0x0 /f

Thanks for your help
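
Added example (not part of the original post and not WTware code): a read-only PowerShell check that compares the Server subkeys under the SCHANNEL Protocols key with the values listed in the post above, and reports a missing key such as TLS 1.2. The function names Get-SchannelServerState and Get-SchannelStatus and the report columns are assumptions made for this example.

```powershell
# Read-only audit of SCHANNEL server-side protocol settings.
# Run in an elevated PowerShell session on the RDP server.
$base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'

# Desired state as listed in the post (Server subkeys only).
$desired = [ordered]@{
    'TLS 1.0' = @{ Enabled = 0; DisabledByDefault = 1 }
    'TLS 1.1' = @{ Enabled = 0; DisabledByDefault = 1 }
    'TLS 1.2' = @{ Enabled = 1; DisabledByDefault = 0 }
}

function Get-SchannelServerState {
    param([string]$Protocol)
    $path  = Join-Path $base "$Protocol\Server"
    $state = [ordered]@{ Protocol = $Protocol; KeyExists = (Test-Path -LiteralPath $path) }
    foreach ($name in 'Enabled', 'DisabledByDefault') {
        $value = $null
        if ($state.KeyExists) {
            # A key can exist without the value; treat that as "not set".
            $item = Get-ItemProperty -LiteralPath $path -Name $name -ErrorAction SilentlyContinue
            if ($null -ne $item) { $value = $item.$name }
        }
        $state[$name] = $value
    }
    [pscustomobject]$state
}

function Get-SchannelStatus {
    param($Actual, $Want)
    if (-not $Actual.KeyExists) { return 'KeyMissing' }
    if ($null -eq $Actual.Enabled -or $null -eq $Actual.DisabledByDefault) { return 'ValueNotSet' }
    # Any non-zero Enabled DWORD counts as enabled.
    $enabledOk  = ([bool]$Actual.Enabled) -eq ([bool]$Want.Enabled)
    $disabledOk = $Actual.DisabledByDefault -eq $Want.DisabledByDefault
    if ($enabledOk -and $disabledOk) { return 'Match' }
    return 'Mismatch'
}

$report = foreach ($proto in $desired.Keys) {
    $actual = Get-SchannelServerState -Protocol $proto
    $actual | Add-Member -NotePropertyName Status `
        -NotePropertyValue (Get-SchannelStatus -Actual $actual -Want $desired[$proto]) -PassThru
}

# KeyMissing / ValueNotSet means the OS default for that protocol applies.
$report | Format-Table Protocol, KeyExists, Enabled, DisabledByDefault, Status -AutoSize
```

The script only reads the registry; as the post notes, any change made with reg add takes effect after the server is restarted.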
aka
SUPPORT
Posts: 939
Joined: Fri Dec 03, 2004 2:05 pm

Re: Windows 2012 R2 and TLS 1.0

Post by aka »

Please try WTware 5.4.50.
pls_it
Posts: 4
Joined: Wed Sep 14, 2016 10:40 pm

Re: Windows 2012 R2 and TLS 1.0

Post by pls_it »

I just tried version 5.4.50 and with TLS 1.0 disabled I am able to log in. Thanks so much for your help and quick response.
Thanks