Documentation

 

 

Introduction

Use this guide to learn how to install and use the SecureAuth Crypto Tool.

The Crypto Tool allows customers to enable or disable the TLS 1.0, 1.1, 1.2 cryptographic protocol families on the SecureAuth IdP appliance.

Prerequisites

A SecureAuth IdP appliance running on any of the following operating systems:

  • Windows Server 2008 R2
  • Windows Server 2012
  • Windows Server 2012 R2
Discussion

Disclaimer 


THIS SOFTWARE IS PROVIDED "AS IS" AND SECUREAUTH CORPORATION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL SECUREAUTH CORPORATION BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHAT SO EVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

 

Why is there no management for SSL versions?


The SSL family of protocols are insecure and disabled by default on SecureAuth IdP Appliances. Industry best practices are to disable SSL 1.0, 2.0, and 3.0 and this tool adheres to those best practices.

Some customers, however, may have production legacy systems which require the SSL family of protocols to be used. SecureAuth appliances can have these insecure protocols re-enabled. For assistance with this process, contact SecureAuth Support.

Crypto Tool Installation and Usage

1. Download the Crypto Tool to the SecureAuth IdP appliance.

2. Navigate to the download, right-click on the archive, select Properties, and view the General tab.

3. If the Unblock button is present in the tab, click it then press OK to dismiss the Properties window.

4. Right-click the archive file again and select Extract All.

5. Extract the archive to D:\MFCApp_Bin\Extras.

Use these instructions to enable or disable the TLS 1.0 protocol.

 

 How to enable TLS 1.0...

1. Launch the SecureAuth Crypto Tool at D:\MFCApp_Bin\Extras\CryptoTool\CryptoTool.bat

The splash page for the tool appears. The page advances automatically in 5 seconds, or the spacebar can be pressed to advance manually.

2. If the terms are accepted, type AGREE at the prompt and press Enter. If the terms are not accepted, press Enter and the script exits automatically.

The Main Menu opens.

3. In the Main Menu, type 1 and press Enter.

The Registry will now be updated.

The configuration change is now complete.

The appliance must be rebooted for the changes to take effect.

 How to disable TLS 1.0...

Before disabling the TLS 1.0 protocol on the appliance, SecureAuth recommends auditing the network for legacy devices which require the protocol for operation. If there is a device reliant upon the TLS 1.0 protocol and it is disabled, that device will no longer be able to communicate with the appliance.

1. Launch the SecureAuth Crypto Tool at D:\MFCApp_Bin\Extras\CryptoTool\CryptoTool.bat

The splash page for the tool appears. The page advances automatically in 5 seconds, or the spacebar can be pressed to advance manually.

2. If the terms are accepted, type AGREE at the prompt and press Enter. If the terms are not accepted, press Enter and the script exits automatically.

The Main Menu opens.

3. In the Main Menu, type 2 and press Enter.

The Registry will now be updated.

The configuration change is complete.

The appliance must be rebooted for the changes to take effect.

Use these instructions to enable or disable the TLS 1.1 protocol.

 

 How to enable TLS 1.1...

1. Launch the SecureAuth Crypto Tool at D:\MFCApp_Bin\Extras\CryptoTool\CryptoTool.bat

The splash page for the tool appears. The page advances automatically in 5 seconds, or the spacebar can be pressed to advance manually.

2. If the terms are accepted, type AGREE at the prompt and press Enter. If the terms are not accepted, press Enter and the script exits automatically.

The Main Menu opens.

3. In the Main Menu, type 3 and press Enter.

The Registry will now be updated.

The configuration change is complete.

The appliance must be rebooted for the changes to take effect.

 How to disable TLS 1.1...

1. Launch the SecureAuth Crypto Tool at D:\MFCApp_Bin\Extras\CryptoTool\CryptoTool.bat

The splash page for the tool appears. The page advances automatically in 5 seconds, or the spacebar can be pressed to advance manually.

2. If the terms are accepted, type AGREE at the prompt and press Enter. If the terms are not accepted, press Enter and the script exits automatically.

The Main Menu opens.

3. In the Main Menu, type 4 and press Enter.

The Registry will now be updated.

The configuration change is complete.


The appliance must be rebooted for the changes to take effect.

Use these instructions to enable or disable the TLS 1.2 protocol.

 

 How to enable TLS 1.2...

1. Launch the SecureAuth Crypto Tool at D:\MFCApp_Bin\Extras\CryptoTool\CryptoTool.bat

The splash page for the tool appears. The page advances automatically in 5 seconds, or the spacebar can be pressed to advance manually.

2. If the terms are accepted, type AGREE at the prompt and press Enter. If the terms are not accepted, press Enter and the script exits automatically.

The Main Menu opens.

3. In the Main Menu, type 5 and press Enter.

The Registry will now be updated.

The configuration change is complete.

The appliance must be rebooted for the changes to take effect.

 How to disable TLS 1.2...

1. Launch the SecureAuth Crypto Tool at D:\MFCApp_Bin\Extras\CryptoTool\CryptoTool.bat

The splash page for the tool appears. The page advances automatically in 5 seconds, or the spacebar can be pressed to advance manually.

2. If the terms are accepted, type AGREE at the prompt and press Enter. If the terms are not accepted, press Enter and the script exits automatically.

The Main Menu opens.

3. In the Main Menu, type 5 and press Enter.

The Registry will now be updated.

The configuration change is complete.

The appliance must be rebooted for the changes to take effect.

  • No labels