Controlling HTTPS Communication Security Protocols

The Riva synchronization service uses the TLS 1.0 mechanism by default and does not allow the older SSL v3.

Riva does not connect to a host that supports only SSL v3, unless Riva is specifically reconfigured to use SSL v3. (See Set a specific security protocol.)

Contents

• Which version of TLS does Riva use by default?
• Which security protocol types does Riva support?
• Set a specific security protocol.
• Determine which versions of SSL/TLS are enabled on a target HTTPS host.
• Related articles.

Which Version of TLS Does Riva Use by Default?

Newer versions of Riva automatically enable the newer versions of TLS, as long as they are supported by the underlying operating system.

Auto-enabling versions

If the system requirements for newer versions of TLS have been met, the following versions of Riva auto-enable support for TLS 1.2, TLS 1.1 and TLS 1.0:

• 2.4.42 (rev.28021) or newer.
• 2.4.41 (rev.28022) or newer.
• 2.4.40 (rev.28023) or newer.
• 2.4.39 (rev.28024) or newer.

Previous versions:

For prior versions of Riva up to and including 2.4.38, all connections are made by using TLS 1.0.

If you require TLS 1.2 or TLS 1.1, do as follows:

1. Upgrade to Microsoft .NET Framework 4.5.2.

2. Configure Riva to use the Microsoft .NET Framework 4.5.

3. Do one of the following:

   • Upgrade Riva to an auto-enabling version, or

   • Manually enable TLS 1.2 and TLS 1.1 support. For instructions, see Set a specific security protocol.

Which Security Protocol Types Does Riva Support?

Riva uses the Microsoft .NET Framework as the underlying technology framework. This framework leverages the Microsoft Security Support Provider Interface (SSPI), which defines the secure channel sub-system of the underlying Windows operating systems.

Secure Channel, also known as Schannel, is a security support provider (SSP) that contains a set of security protocols that provide identity authentication and secure, private communication through encryption.

Schannel is primarily used for Internet applications that require secure Hypertext Transfer Protocol (HTTP) communications.

Both Secure Sockets Layer Protocol (SSL) and Transport Layer Security Protocol (TLS) are supported by Windows and, therefore, are compatible with Riva.

For a list of supported TLS 1.0 cipher suites for Windows Server 2008/Vista, see Cipher Suites in Schannel.

The following operating systems do not support TLS 1.2 or TLS 1.1: Windows 2003 and Windows XP.

For a full breakdown of secure libraries and their supported protocols, see this Wikipedia article.

Set a Specific Security Protocol

By default, the Riva synchronization process uses the TLS 1.0 security protocol.

To force Riva to use a specific security protocol

• Set the following advanced option in the Application Settings for the service.

  ServicePointManager.SecurityProtocol = [value]

  where [value] is one of the following:

  • One of the values in the Security Protocol column in the previous table (Ssl3, Tls, Tls11, or Tls12)

  • 4032, to allow all of these TLS versions: 1.0, 1.1, and 1.2

  Note: To allow only TLS 1.0, set [value] to Tls.

If the following error is received: "System.NotSupportedException: The requested security protocol is not supported.", use the named parameters instead of the numeric values.

Determine Which Versions of SSL/TLS Are Enabled on a Target HTTPS Host

If the host is connected to the internet and can receive HTTPS communication, a simple way to determine which security protocols are supported by the host is to run an SSL Test. See https://www.ssllabs.com/ssltest/.

Related Articles

How to Determine the Cipher Suite for the Server and Client - http://support.microsoft.com/kb/299520

Update adds new TLS cipher suites and changes cipher suite priorities in Windows 8.1 and Windows Server 2012 R2 - http://support.microsoft.com/kb/2929781

Test: SSL/TLS Capabilities of Your Browser - https://www.ssllabs.com/ssltest/viewMyClient.html