For a Mediasite deployment to be fully compliant with TLS 1.2, all the Mediasite Servers (e.g. Web, Media and Job Farm Servers) must be running Mediasite version 7.2.2 or higher and configured to use TLS 1.2.
Mediasite Application Server(s) Configuration
1. Enable TLS 1.2 to the registry if needed
Once enabled this adds TLS 1.2 as an available protocol. However, it may not be necessary in Windows Server 2016 / 2019.
1. Start the registry editor by clicking on Start and Run. Type in “regedit” into the Run – Note: You will be editing the registry. This could have detrimental effects on your computer if done incorrectly. It is strongly advised to make a backup.
2. Browse to the following registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols
3. Right click on the Protocols folder and select New and then Key from the drop-down menu. This will create new folder. Rename this folder to TLS 1.2.
4. Right click on the TLS 1.2 key and add two new keys underneath it.
5. Rename the two new keys as:
-
- Client
- Server
6. Right click on the Client key and select New and then DWORD (32-bit) Value from the drop-down list.
7. Rename the DWORD to DisabledByDefault.
8. Right-click the name DisabledByDefault and select Modify from the drop-down menu.
9. Ensure that the Value data field is set to 0 and the Base is Hexadecimal. Click on OK.
10. Create another DWORD for the Client key as you did in Step 6
11. Rename this second DWORD to Enabled.
12. Right-click the name Enabled and select Modify from the drop-down menu.
13. Ensure that the Value data field is set to 1 and the Base is Hexadecimal. Click on OK.
14. Repeat steps 6 to 13 for the Server key (by creating two DWORDs, DisabledByDefault and Enabled, and their values underneath the Server key).
Registry values that are added or changed to enable TLS 1.2:
2. Configure .NET to use strong cryptography to the registry if needed
By configuring .NET to use strong cryptography this enables TLS 1.2 for .NET applications. Even if .NET 4.7 is installed it must be configured to enable TLS 1.2.
1. Start the registry editor by clicking on Start and Run. Type in “regedit” into the Run – Note: You will be editing the registry. This could have detrimental effects on your computer if done incorrectly. It is strongly advised to make a backup.
2. Browse to the following registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319.
3. Right click on the 0.30319 key and select New and then DWORD (32-bit) Value from the drop-down list.
4. Rename the DWORD to SchUseStrongCrypto.
5. Right-click the name SchUseStrongCrypto and select Modify from the drop-down menu.
6. Ensure that the Value data field is set to 1 and the Base is Hexadecimal. Click on OK.
7. Browse to the following registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NetFramework\v4.0.30319.
8. Right click on the 0.30319 key and select New and then DWORD (32-bit) Value from the drop-down list.
9. Rename the DWORD to SchUseStrongCrypto.
10. Right-click the name SchUseStrongCrypto and select Modify from the drop-down menu.
11. Ensure that the Value data field is set to 1 and the Base is Hexadecimal. Click on OK.
Registry values that are added or changed to enable .NET to use strong crypto:
3. Reboot the server(s)
4. Repeat these steps on all Mediasite servers (e.g. Web, Media and Job Farm Servers)
Was this Information helpful?
Let us know if you found this lesson helpful. That’s the only way we can improve.