Best security practice is to use the latest available version of TLS, which is 1.2. Microsoft does not enable TLS 1.2 by default in many current operating systems. How do we enable TLS 1.2 communications on our Workflow Server?
Symptoms of an insufficiently configured TLS 1.2 setup include reports, and pages containing report web parts, failing with the error message below.
System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a receive. ---> System.ComponentModel.Win32Exception: The client and server cannot communicate, because they do not possess a common algorithm
To use TLS 1.2, perform the following steps in your environment.
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecurityProviders\SCHANNEL\Protocols]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001
Process Manager does not directly enable the use of TLS 1.2, which causes .NET to default to lower versions. For .NET 4.5/4.5.1/4.5.2, use of TLS 1.2 can be forced with a registry value.
The value to add is a DWORD value named SchUseStrongCrypto, set to 1, in the following registry key:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]
"SchUseStrongCrypto"=dword:00000001
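To confirm that the values above are actually present on a server, the following read-only PowerShell audit can be used. It is an added example, not part of the original article or of the product; the helper name Test-Tls12Setting and the status labels are hypothetical.

```powershell
# Added example (not from the original article). Read-only audit of the
# registry values listed above; it changes nothing on the machine.
$schannel = 'HKLM:\SYSTEM\ControlSet001\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2'
$dotnet   = 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319'

# Expected state, copied from the .reg content in the article.
$expected = @(
    @{ Path = "$schannel\Client"; Name = 'DisabledByDefault';  Value = 0 }
    @{ Path = "$schannel\Client"; Name = 'Enabled';            Value = 1 }
    @{ Path = "$schannel\Server"; Name = 'DisabledByDefault';  Value = 0 }
    @{ Path = "$schannel\Server"; Name = 'Enabled';            Value = 1 }
    @{ Path = $dotnet;            Name = 'SchUseStrongCrypto'; Value = 1 }
)

function Test-Tls12Setting {   # hypothetical helper name
    param([Parameter(Mandatory)][hashtable[]]$Settings)
    foreach ($s in $Settings) {
        $status = 'OK'; $actual = $null
        if (-not (Test-Path -LiteralPath $s.Path)) {
            $status = 'KeyMissing'
        } else {
            $key    = Get-Item -LiteralPath $s.Path
            # Value names are matched case-insensitively by the registry.
            $actual = $key.GetValue($s.Name, $null)
            if ($null -eq $actual) {
                $status = 'ValueMissing'
            } elseif ($key.GetValueKind($s.Name) -ne [Microsoft.Win32.RegistryValueKind]::DWord) {
                # A string "1" is not what the dword entries in the .reg content create.
                $status = 'WrongType'
            } elseif ($actual -ne $s.Value) {
                $status = 'Mismatch'
            }
        }
        [pscustomobject]@{
            Status = $status; Name = $s.Name; Expected = $s.Value; Actual = $actual; Path = $s.Path
        }
    }
}

$results = @(Test-Tls12Setting -Settings $expected)
$results | Format-Table -AutoSize -Wrap
$failed = @($results | Where-Object { $_.Status -ne 'OK' })
if ($failed.Count -gt 0) {
    Write-Warning "$($failed.Count) of $($results.Count) TLS 1.2 settings differ from the article."
}
```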