Best security practice is to use the latest version of TLS available - 1.2. Microsoft does not enable TLS 1.2 by default in many current Operating Systems. How do we enable TLS 1.2 communications in our Symantec Management Platform Altiris environment?
To use TLS 1.2 perform the following steps on your environment.
1. If desired, On a test system verify current TLS settings by downloading and running IISCrypto.exe from the desktop (does not install anything). Download from: https://www.nartac.com/Products/IISCrypto
2. Modify the SMP Communication Profile to allow TLS 1.2
3. Make changes necessary to the OS to accommodate TLS 1.2
Windows Registry Editor Version 5.00
You can also install a Registry change via Task Script or Managed Software Policy in Altiris by using the command line: reg import "AddTLS.reg"
NOTE: A system reboot is required after making this change to Registry
You should verify and check the following Microsoft article regarding the different TLS versions: https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn786418(v=ws.11)
4. Verify TLS settings changed by using IISCrypto.exe
You may also consider this:
In some scenarios, if the customer is allowing only TLS 1.2 on the SMP and SQL Server, .NET tries to use TLS 1.0 by default and TLS 1.2 needs to be properly called by it.
There are certain places in the registry that needs to be modified to force TLS 1.2 to be the only one in use by .NET.