Edit

Configure TLS 1.2 on Windows clients accessing Azure Stack Edge Pro device

  • Article

APPLIES TO: Yes for Pro GPU SKUAzure Stack Edge Pro - GPUYes for Pro 2 SKUAzure Stack Edge Pro 2Yes for Pro R SKUAzure Stack Edge Pro RYes for Mini R SKUAzure Stack Edge Mini R                  

If you are using a Windows client to access your Azure Stack Edge Pro device, you are required to configure TLS 1.2 on your client. This article provides resources and guidelines to configure TLS 1.2 on your Windows client.

The guidelines provided here are based on testing performed on a client running Windows Server 2016.

Configure TLS 1.2 for current PowerShell session

Use the following steps to configure TLS 1.2 on your client.

  1. Run PowerShell as administrator.

  2. To set TLS 1.2 for the current PowerShell session, type:

    [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

Configure TLS 1.2 on client

If you want to set system-wide TLS 1.2 for your environment, follow the guidelines in these documents:

  • General- how to enable TLS 1.2

  • How to enable TLS 1.2 on clients

  • How to enable TLS 1.2 on the site servers and remote site systems

  • Protocols in TLS/SSL (Schannel SSP)

  • Cipher Suites: Specifically Configuring TLS Cipher Suite Order Make sure that you list your current cipher suites and prepend any missing from the following list:

    • TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
    • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
    • TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
    • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384

    You can also add these cipher suites by directly editing the registry settings. The variable $HklmSoftwarePath should be defined $HklmSoftwarePath = 'HKLM:\SOFTWARE'

    New-ItemProperty -Path "$HklmSoftwarePath\Policies\Microsoft\Cryptography\Configuration\SSL\00010002" -Name "Functions"  -PropertyType String -Value ("TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384")

  • How to set elliptical curves

    Make sure that you list your current elliptical curves and prepend any missing from the following list:

    • P-256
    • P-384

    You can also add these elliptical curves by directly editing the registry settings.

    New-ItemProperty -Path "$HklmSoftwarePath\Policies\Microsoft\Cryptography\Configuration\SSL\00010002" -Name "EccCurves" -PropertyType MultiString -Value @("NistP256", "NistP384")

Next steps

Connect to Azure Resource Manager