2012 R2 Gateway encryption level between clients and gateway TLS 1.0 encryption level

  • Question

  • Hello,

    Is there any way to change the default level of TLS 1.0 for the gateway server? I noticed that once I disable TLS 1.0 in the registry on the gateway server, Windows 7 machines with RDC 8.1 cannot connect to the gateway. However, Win10 machines can still connect. Once I turn TLS 1.0 back on, Win 7 machines can connect great.

    So can I have the gateway use a different encryption level?

    Let me know if I need to provide more details.

    Reference:

    https://technet.microsoft.com/en-us/library/dd320345%28v=ws.10%29.aspx

    "By default TLS 1.0 is used to encrypt communications between Remote Desktop Services clients and RD Gateway servers over the Internet. TLS is a standard protocol that helps to secure Web communications on the Internet or intranets. For TLS to function correctly, you must install an SSL-compatible X.509 certificate on the RD Gateway server."


    **Update: So it might not be the gateway that handles that handshake between client and gateway. As I mentioned, I tested connecting from a Windows 2012 R2 machine. In the logs, the handshakes were TLS 1.2 all the way. However, on a Win7 with RDC 8.1, it drops back to TLS 1.0 on the gateway connection. Not sure why.

    Thoughts?

    • Edited by JaredRP Friday, April 8, 2016 10:42 PM
    Friday, April 8, 2016 8:13 PM

All replies