Configure TLS 1.2 on Windows clients accessing Azure Stack Edge Pro device
APPLIES TO: Azure Stack Edge Pro - GPU
Azure Stack Edge Pro 2
Azure Stack Edge Pro R
Azure Stack Edge Mini R
If you are using a Windows client to access your Azure Stack Edge Pro device, you are required to configure TLS 1.2 on your client. This article provides resources and guidelines to configure TLS 1.2 on your Windows client.
The guidelines provided here are based on testing performed on a client running Windows Server 2016.
Configure TLS 1.2 for current PowerShell session
Use the following steps to configure TLS 1.2 on your client.
Run PowerShell as administrator.
To set TLS 1.2 for the current PowerShell session, type:
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
Configure TLS 1.2 on client
If you want to set system-wide TLS 1.2 for your environment, follow the guidelines in these documents:
How to enable TLS 1.2 on the site servers and remote site systems
Cipher Suites: Specifically Configuring TLS Cipher Suite Order Make sure that you list your current cipher suites and prepend any missing from the following list:
- TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
You can also add these cipher suites by directly editing the registry settings. The variable $HklmSoftwarePath should be defined $HklmSoftwarePath = 'HKLM:\SOFTWARE'
New-ItemProperty -Path "$HklmSoftwarePath\Policies\Microsoft\Cryptography\Configuration\SSL\00010002" -Name "Functions" -PropertyType String -Value ("TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384")
How to set elliptical curves
Make sure that you list your current elliptical curves and prepend any missing from the following list:
- P-256
- P-384
You can also add these elliptical curves by directly editing the registry settings.
New-ItemProperty -Path "$HklmSoftwarePath\Policies\Microsoft\Cryptography\Configuration\SSL\00010002" -Name "EccCurves" -PropertyType MultiString -Value @("NistP256", "NistP384")
Next steps
Feedback
Submit and view feedback for