A new Flexera Community experience is coming on November 25th. Click here for more information.

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

With HTTPS SSL being depreciated, you may need to force the use of TLS version 1.1, 1.2, or 1.3. FlexNet Manager Suite requires the following TLS protocol versions for communication between the FlexNet inventory beacons and the application server:

  • FlexNet Manager Suite On-premises implementations: TLS versions 1.0, 1.1, 1.2, 1.3
  • FlexNet Manager Suite Cloud/Flexera One IT Asset Management implementations: TLS versions 1.2, 1.3.

FlexNet Manager Suite Cloud/Flexera One IT Asset Management and TLS 1.0

Because of known vulnerabilities with TLS 1.0, TLS 1.0 is not available for use with FlexNet Manager Suite Cloud/Flexera One IT Asset Management. 

If other parts of your environment require TLS 1.0, you can design a hierarchy of inventory beacons to isolate older protocol communications from the internet.

For example

  • Use an internal inventory beacon to integrate with internal data sources that require TLS 1.0 (such as SCCM or Oracle VM Manager 3.2).
  • Use an external inventory beacon to act as a proxy between the internal inventory beacon and the Flexera Cloud beacons.

The communication path may look like the following:


Data source --- TLS 1.0 ---> Internal Inventory Beacon --- TLS 1.1/1.2 ---> External Inventory Beacon --- TLS 1.1/1.2 ---> Flexera Cloud Beacons 

Configuration steps

Run the following PowerShell commands to force TLS 1.1, 1.2, or 1.3 on your inventory beacon.

NOTE: Not all Windows operating systems support all TLS versions. For example, Windows Server 2008 SP2 and earlier do not support TLS 1.1 or 1.2; TLS 1.3 is only currently supported on Windows Server 2022 and Windows 11. For more details, see Microsoft's TLS protocol version support.

Creating TLS 1.1


New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server' -Force

New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client' -Force

New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server' -name 'Enabled' -value '1' –PropertyType 'DWORD'

New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server' -name 'DisabledByDefault' -value '0' –PropertyType 'DWORD'

New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client' -name 'Enabled' -value '1' –PropertyType 'DWORD'

New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client' -name 'DisabledByDefault' -value '0' –PropertyType 'DWORD' 

Creating TLS 1.2


New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server' -Force

New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client' -Force

New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server' -name 'Enabled' -value '1' –PropertyType 'DWORD'

New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server' -name 'DisabledByDefault' -value '0' –PropertyType 'DWORD'

New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client' -name 'Enabled' -value '1' –PropertyType 'DWORD'

New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client' -name 'DisabledByDefault' -value '0' –PropertyType 'DWORD' 

Creating TLS 1.3


New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Server' -Force

New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Client' -Force

New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Server' -name 'Enabled' -value '1' –PropertyType 'DWORD'

New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Server' -name 'DisabledByDefault' -value '0' –PropertyType 'DWORD'

New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Client' -name 'Enabled' -value '1' –PropertyType 'DWORD'

New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Client' -name 'DisabledByDefault' -value '0' –PropertyType 'DWORD' 

Setting TLS 1.1


Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client" -Type DWord `
	-Value "0" -Name "DisabledByDefault"

Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client" -Type DWord `
	-Value "1" -Name "Enabled"

Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server" -Type DWord `
	-Value "0" -Name "DisabledByDefault"

Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server" -Type DWord `
	-Value "1" -Name "Enabled" 

Setting TLS 1.2


Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client" -Type DWord `
	-Value "0" -Name "DisabledByDefault"

Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client" -Type DWord `
	-Value "1" -Name "Enabled"

Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server" -Type DWord `
	-Value "0" -Name "DisabledByDefault"

Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server" -Type DWord `
	-Value "1" -Name "Enabled" 

Setting TLS 1.3


Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Client" -Type DWord `
	-Value "0" -Name "DisabledByDefault"

Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Client" -Type DWord `
	-Value "1" -Name "Enabled"

Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Server" -Type DWord `
	-Value "0" -Name "DisabledByDefault"

Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Server" -Type DWord `
	-Value "1" -Name "Enabled" 

If only .NET version 4.0 and higher is installed


Set-ItemProperty -Path "HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NetFramework\v4.0.30319" -Type DWord `
	-Value "1" -Name "SchUseStrongCrypto"

Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\.NetFramework\v4.0.30319" -Type DWord `
	-Value "1" -Name "SchUseStrongCrypto" 

If any .NET version lower than 4.0 is also installed, then the following changes also need to be made


Set-ItemProperty -Path "HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v2.0.50727" -Type DWord `
	-Value "1" -Name "SystemDefaultTlsVersions"

Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\.NETFramework\v2.0.50727" -Type DWord `
	-Value "1" -Name "SystemDefaultTlsVersions" 

Enabling TLS in web browsers

Some web browsers support TLS 1.2 and TLS 1.3 by default, while others require you to configure the TLS version. You may need to check your web browsers and ensure the required TLS version is enabled. 

Learn more

From Flexera:

From Microsoft:

Was this article helpful? Yes No
100% helpful (3/3)
Version history
Last update:
‎Mar 22, 2023 11:06 AM
Updated by: