Applications that rely on TLS 1.2 strong encryption experience connectivity failures after a Windows upgrade

Applies to: Microsoft .NET Framework 4.7.2, Microsoft .NET Framework 4.7.1, Microsoft .NET Framework 4.7

This article also applies to the following:

  • Microsoft .NET Framework 3.5

Summary


Customers who run .NET Framework applications that rely on Transport Layer Security (TLS) 1.2, such as Intuit QuickBooks Desktop, may experience connectivity failures after they upgrade their system to a newer version of Windows.

Symptoms


Consider the following scenario:

In this scenario, you observe connectivity failures after the upgrade. The failures may include, but are not limited to, the following exception message and inner exception message:

Cause


This problem occurs because the SchUseStrongCrypto flag is not preserved throughout the Windows upgrade process.

Workaround


To work around this problem, use one of the following methods.

Workaround 1

Re-enable TLS 1.2 support as a machine-wide default protocol by setting the SchUseStrongCrypto registry value to a DWORD value of 1, as follows:

HKEY_LOCAL_MACHINE\SOFTWARE\[Wow6432Node\]Microsoft\.NETFramework\<VERSION>: SchUseStrongCrypto

Note You must add "[Wow6432Node\]" if the application runs as a 32-bit process on a 64-bit operating system, and set <VERSION> to either v4.0.30319 (for .NET Framework 4 and later versions) or v2.0.50727 (for .NET Framework 3.5).
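
The following PowerShell script is an added example, not part of the original article or a Microsoft-supplied tool. It reports the SchUseStrongCrypto value for each path variant described above and sets it to 1 only when asked. The -Fix switch and the output column names are assumptions made for this example, and it assumes an elevated 64-bit PowerShell session.

```powershell
# Added example: audit, and optionally set, SchUseStrongCrypto under every
# registry path variant the article lists. The -Fix switch is hypothetical;
# without it the script only reports and changes nothing.
param([switch]$Fix)

# <VERSION> values named in the article
$versions = 'v4.0.30319', 'v2.0.50727'

# Native view, plus the Wow6432Node view read by 32-bit processes on a 64-bit OS
$roots = @('HKLM:\SOFTWARE\Microsoft\.NETFramework')
if ([Environment]::Is64BitOperatingSystem) {
    $roots += 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NETFramework'
}

$results = foreach ($root in $roots) {
    foreach ($version in $versions) {
        $key = Join-Path $root $version
        # Assumption: a missing key means that framework/view is not installed, so skip it
        if (-not (Test-Path $key)) { continue }

        $current = (Get-ItemProperty -Path $key -Name SchUseStrongCrypto `
                        -ErrorAction SilentlyContinue).SchUseStrongCrypto

        if ($Fix -and $current -ne 1) {
            # -Force overwrites an existing value that has the wrong data or type
            New-ItemProperty -Path $key -Name SchUseStrongCrypto -Value 1 `
                -PropertyType DWord -Force | Out-Null
            $current = (Get-ItemProperty -Path $key -Name SchUseStrongCrypto).SchUseStrongCrypto
        }

        [pscustomobject]@{
            Key                = $key
            SchUseStrongCrypto = if ($null -eq $current) { '(not set)' } else { $current }
            Compliant          = ($current -eq 1)
        }
    }
}

$results | Format-Table -AutoSize
if ($results.Compliant -contains $false) {
    Write-Warning 'At least one .NET Framework key does not have SchUseStrongCrypto set to 1.'
}
```

Running the report-only form again after each Windows upgrade shows whether the flag was dropped, which is the failure this article describes.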

Workaround 2

Enable TLS 1.2 support for your particular application (not machine-wide) by using an AppContext switch in the "<runtime>" section of your config file, as follows:

<runtime>

<AppContextSwitchOverrides value="Switch.System.Net.DontEnableSchUseStrongCrypto=false" />

</runtime>

Note By using this switch, you can prevent this problem from recurring in future Windows upgrades because the setting will be correctly persisted.

Status


Microsoft has now resolved this issue for some devices. An update is available on Microsoft’s Update Catalog as of August 16, 2018 for those customers who have Intuit QuickBooks installed.

These customers may also check for updates on Windows Update by going to Settings > Update & Security > Windows Update and selecting Check for updates.

For devices that do not have Intuit QuickBooks installed and that are experiencing this issue: Microsoft is working on a resolution and will provide an update in an upcoming release.