====== TLS1.2 Encryption with HTTPS ======

TLS 1.2. can be set in the eBiss Configurator or via the Registry:

===== eBiss configurator =====

In the eBiss Configurator, you can set the TLS protocol on the settings page under Miscellaneous

This setting was/is mandatory for Windows Server 2012R3, but not for Windows Server 2019. For Windows Server 2019 the following settings in the registry are sufficient. 
following settings in the registry.

You can check the settings with:
<code>
nmap --script ssl-enum-ciphers -p 9086 91.208.5.89
</code>
==== Registry ====

See [[https://docs.microsoft.com/en-us/mem/configmgr/core/plan-design/security/enable-tls-1-2-server]].

Some servers only accept** TLS1.2 encryption** for security reasons. 
While most browsers already use this, the **.net framework** often needs to be reconfigured. 
This is done in the **Registry**, where the following values are entered:
<code>
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]
"SchUseStrongCrypto"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]
"SystemDefaultTlsVersions"=dword:00000001
</code>

{{:images:sign_warning.png|}}**Note:** There is a corresponding **Registry**((Windows [[wp>Registry Database|]])) file available at:  <code>..\eBiss\StandardTemplates\SystemTools\Tls1.2\TLS1.2 Registry.reg</code>
This can be transferred to the registry with a right mouse click and the context menu command **Merge**. 
Then restart the eBiss service. Then **https** calls should work.