Knowledge Base

Set TLS and SSL settings for Ion-managed applications

Applies to

Ion 3.0 and above.

Summary

Some legacy web applications utilize web servers which may not properly specify secure protocol versions, or may specify versions that are should not be supported by default due to security policies. Ion v3 enables the ability to ensure secure protocols are enabled for only managed applications, leaving unmanaged applications untouched and secure.

Details

Controlling SSLv3 settings (or all secure protocol settings) is straightforward and easy with Ion v3. Simply add a Custom Registry setting to an existing Profile following this example:

  1. 1) Open the Custom Registry Manager node for the Profile. This example is using an Adaptive IE Quirks Profile, but SSLv3 (or any secure protocol) can be enabled for any Profile type.set-sslv3-1
  2. 2) Click ‘Add Custom Registry Entry’ and create an entry for the node “HKEY_CURRENT_USER\ Software\Microsoft\Windows\CurrentVersion\Internet Settings”. The value name is SecureProtocols, and the Type is REG_DWORD.set-sslv3-2
  3. Create a Rule to load this Profile and save the Project file.

Note: This example only provides guidance on setting the SSLv3 values. Since SecureProtocols is a bitmask of what secure protocols are supported, additional protocols would be controlled by changing the Value Data using the following:

  • The SSLv2 flag is 8 (0x008)
  • The SSLv3 flag is 32 (0x020)
  • The TLSv1 flag is 128 (0x080)
  • The TLSv1.1 flag is 512 (0x200)
  • The TLSv1.2 flag is 2048 (0x800)

To enable all protocols, set the value to 0xAA8.

Posted in: Ion Knowledge Base,

  • Share:  

Request Demo

Internet Explorer End of Life problems?Learn More