SecureAuth Crypto Tool
Introduction
Use this guide to learn how to install and use the SecureAuth Crypto Tool.
The Crypto Tool allows customers to enable or disable the TLS 1.0, 1.1, 1.2 cryptographic protocol families on the SecureAuth IdP appliance.
Prerequisites
A SecureAuth IdP appliance running on any of the currently supported Windows Server operating systems.
Discussion
Disclaimer
THIS SOFTWARE IS PROVIDED "AS IS" AND SECUREAUTH CORPORATION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL SECUREAUTH CORPORATION BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHAT SO EVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
Why is there no management for SSL versions?
The SSL family of protocols are insecure and disabled by default on SecureAuth IdP Appliances. Industry best practices are to disable SSL 1.0, 2.0, and 3.0 and this tool adheres to those best practices.
Some customers, however, may have production legacy systems which require the SSL family of protocols to be used. SecureAuth appliances can have these insecure protocols re-enabled. For assistance with this process, contact SecureAuth Support.
Crypto Tool Installation and Usage
Installation
Contact Support for the Crypto Tool and download it to the SecureAuth IdP appliance.
Navigate to the download, right-click on the archive, select Properties, and view the General tab.
If the Unblock button appears on this tabbed page, click it then press OK to dismiss the Properties window.
Right-click the archive file again and select Extract All.
Extract the archive to D:\MFCApp_Bin\Extras.
TLS 1.0
Use the following instructions to enable or disable the TLS 1.0 protocol.
Launch the SecureAuth Crypto Tool at D:\MFCApp_Bin\Extras\CryptoTool\CryptoTool.bat.
The splash page for the tool appears. The page advances automatically in 5 seconds, or press any key before that time to advance manually.
The Legal Terms appear.
If the terms are acceptable, type AGREE at the prompt and press Enter.
If the terms are not acceptable, press Enter and the script exits automatically.
The Main Menu opens.
In the Main Menu, type 1 and press Enter.
The Registry will now be updated.
The configuration change is now complete.
Reboot the appliance so that the changes take effect.
Warning
Before disabling the TLS 1.0 protocol on the appliance, SecureAuth recommends auditing the network for legacy devices which require the protocol for operation. If there is a device reliant upon the TLS 1.0 protocol and it is disabled, that device will no longer be able to communicate with the appliance.
Launch the SecureAuth Crypto Tool at D:\MFCApp_Bin\Extras\CryptoTool\CryptoTool.bat.
The splash page for the tool appears. The page advances automatically in 5 seconds, or press any key before that time to advance manually.
If you find the terms acceptable, type AGREE at the prompt and press Enter.
If the terms are not acceptable, press Enter and the script exits automatically.
The Main Menu opens.
In the Main Menu, type 2 and press Enter.
The Registry will now be updated.
Once the configuration is completed, press any key to continue.
Reboot the appliance for the changes to take effect.
TLS 1.1
Use these instructions to enable or disable the TLS 1.1 protocol.
Launch the SecureAuth Crypto Tool at D:\MFCApp_Bin\Extras\CryptoTool\CryptoTool.bat.
The splash page for the tool appears. The page advances automatically in 5 seconds, or press any key before that time to advance manually.
If you agree with the terms, type AGREE at the prompt and press Enter.
If the terms are not accepted, press Enter and the script exits automatically.
The Main Menu opens.
In the Main Menu, type 3 and press Enter.
The Registry will now be updated.
Once the configuration is completed, press any key to continue.
Reboot the appliance for the changes to take effect.
Launch the SecureAuth Crypto Tool at D:\MFCApp_Bin\Extras\CryptoTool\CryptoTool.bat.
The splash page for the tool appears. The page advances automatically in 5 seconds, or press the spacebar at any time to advance manually.
If you find the terms acceptable, type AGREE at the prompt and press Enter.
If the terms are not acceptable, press Enter and the script exits automatically.
The Main Menu opens.
In the Main Menu, type 4 and press Enter.
The Registry will now be updated.
Once the configuration change is completed, press any key to continue.
Reboot the appliance for the changes to take effect.
TLS 1.2
Use these instructions to enable or disable the TLS 1.2 protocol.
Launch the SecureAuth Crypto Tool at D:\MFCApp_Bin\Extras\CryptoTool\CryptoTool.bat.
The splash page for the tool appears. The page advances automatically in 5 seconds, or press the spacebar at any time to advance manually.
If you find the terms acceptable, type AGREE at the prompt and press Enter.
If the terms are not acceptable, press Enter and the script exits automatically.
The Main Menu opens.
In the Main Menu, type 5 and press Enter.
The Registry will now be updated.
Once the configuration change is completed, press any key to continue.
Reboot the appliance for the change to take effect.
Launch the SecureAuth Crypto Tool at D:\MFCApp_Bin\Extras\CryptoTool\CryptoTool.bat.
The splash page for the tool appears. The page advances automatically in 5 seconds, or press the spacebar at any time to advance manually.
If you find the terms acceptable, type AGREE at the prompt and press Enter.
If the terms are not acceptable, press Enter and the script exits automatically.
The Main Menu opens.
In the Main Menu, type 6 and press Enter.
The Registry will now be updated.
Once the configuration change is completed, press any key to continue.
Reboot the appliance for the change to take effect.