Symptoms

You need to disable old SSL/TLS protocols (TLS 1.0, 1.1) and enable new ones on your Office 365 Application Endpoint Host.

Cause

Old SSL/TLS protocols have security vulnerabilities.

Resolution

How To Enable New SSL/TLS Protocols At The Office 365 Application Endpoint Level (For Outgoing Connections Only)

By default, only SSL 3.0 and TLS 1.0 are enabled. For example, to enable TLS 1.2, you must update the Windows Registry in the following way:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319]
"SystemDefaultTlsVersions"=dword:00000001
"SchUseStrongCrypto"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]
"SystemDefaultTlsVersions"=dword:00000001
"SchUseStrongCrypto"=dword:00000001


You can update the Windows Registry by using regedit or by using the configure_ssl_net_framwork.reg file from configure_ssl_net_framwork.zip.

Note: If these registry settings do not exist, you must create them.

To learn more about these registry settings, please refer to this article.

How To Disable Old SSL/TLS Protocols At The Windows Host Level

Old SSL/TLS protocols should be disabled via SCHANNEL registry settings:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\<VERSION>\Client]
"Enabled"=dword:00000000
"DisabledByDefault"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\<VERSION>\Server]
"Enabled"=dword:00000000
"DisabledByDefault"=dword:00000001


<VERSION> is a protocol version (SSL 2.0, SSL 3.0, TLS 1.0, TLS 1.1, or TLS 1.2).

Note that SSL 2.0 is disabled by default, and we recommend that you disable SSL 3.0 and TLS 1.0.

Note: If these registry settings do not exist, you must create them.

To learn more about these registry settings, please refer to this article.

Important: Before disabling old SSL/TLS protocols on your Office 365 Application Endpoint Host, make sure that new SSL/TLS protocols work for your Odin Automation version.
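
One way to check the host before and after the change is a read-only PowerShell audit of the SCHANNEL and .NET Framework values listed above. This is an added example, not part of the original article; the target state in $target (TLS 1.2 enabled, everything older disabled) is an assumption to adjust to your own policy.

```powershell
# Added example: read-only audit of the registry values described in this article.
$schannel = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
$dotnet   = 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319',
            'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319'

# Target state is an assumption of this example; adjust it to your own policy.
$target = [ordered]@{
    'SSL 2.0' = 'Disabled'; 'SSL 3.0' = 'Disabled'
    'TLS 1.0' = 'Disabled'; 'TLS 1.1' = 'Disabled'; 'TLS 1.2' = 'Enabled'
}

function Get-RegValue([string]$Path, [string]$Name) {
    # $null means the key or value is absent, so the OS default applies.
    if (-not (Test-Path -LiteralPath $Path)) { return $null }
    (Get-ItemProperty -LiteralPath $Path -Name $Name -ErrorAction SilentlyContinue).$Name
}

$report = @(foreach ($proto in $target.Keys) {
    foreach ($role in 'Client', 'Server') {
        $key     = "$schannel\$proto\$role"
        $enabled = Get-RegValue $key 'Enabled'
        $dbd     = Get-RegValue $key 'DisabledByDefault'
        # Only the exact value pairs shown in the article count as Enabled/Disabled.
        $state = if ($null -eq $enabled -and $null -eq $dbd) { 'NotConfigured' }
                 elseif ($enabled -eq 1 -and $dbd -eq 0)     { 'Enabled' }
                 elseif ($enabled -eq 0 -and $dbd -eq 1)     { 'Disabled' }
                 else                                        { 'Mixed' }  # review manually
        [pscustomobject]@{
            Setting = "$proto\$role"; State = $state
            Target  = $target[$proto]; Compliant = ($state -eq $target[$proto])
        }
    }
})

# .NET Framework values: both the 64-bit and WOW6432Node keys should be set to 1.
$report += @(foreach ($path in $dotnet) {
    foreach ($name in 'SystemDefaultTlsVersions', 'SchUseStrongCrypto') {
        $value = Get-RegValue $path $name
        [pscustomobject]@{
            Setting = "$path\$name"
            State   = if ($null -eq $value) { 'NotConfigured' } else { "$value" }
            Target  = '1'; Compliant = ($value -eq 1)
        }
    }
})

$report | Format-Table -AutoSize
```

A row reported as NotConfigured means the key or value is missing and the operating system default is in effect, which is the case the notes above cover by creating the settings.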
