How do I disable TLS 1.0 without breaking RDP?

Solution 1:

Microsoft released the patch for this problem on Sep 15, 2015.


Solution 2:

I have been looking into this for a couple of days now as we too have to comply with PCI DSS 3.1, which requires TLS 1.0 to be disabled.

We also do not want to fall back to RDP Security Layer which is a major security concern.

I have finally managed to find some documentation that confirms that TLS 1.1 and TLS 1.2 ARE supported by RDP. This documentation is hidden away in an SChannel logging article and a very detailed specification for RDP.

There is a complete lack of mainstream documentation on TechNet or other Microsoft sites, it seems, so hopefully documenting this here may help some people.

Relevant extracts from the links provided:

From the MSDN link:

"RDP supports four External Security Protocols: TLS 1.0 ([RFC2246]) TLS 1.1 ([RFC4346])<39>, TLS 1.2 ([RFC5246])<40>"

From the RDP specification PDF:

"When Enhanced RDP Security is used, RDP traffic is no longer protected by using the techniques
described in section 5.3. Instead, all security operations (such as encryption and decryption, data
integrity checks, and Server Authentication) are implemented by one of the following External
Security Protocols:
TLS 1.0 (see [RFC2246])
TLS 1.1 (see [RFC4346])
TLS 1.2 (see [RFC5246])
CredSSP (see [MS-CSSP])"

"<39> Section 5.4.5: TLS 1.1 is not supported by Windows NT, Windows 2000 Server, Windows XP,
Windows Server 2003, Windows Vista and Windows Server 2008.
<40> Section 5.4.5:  TLS 1.2 is not supported by Windows NT, Windows 2000 Server, Windows XP,
Windows Server 2003, Windows Vista, and Windows Server 2008"

Therefore one would conclude that you can use TLS 1.1 or 1.2 on Windows Server 2008 R2 according to this documentation.

However, our testing has proved this DOES NOT work from the Windows 7 RDP client (version 6.3.9600) when TLS 1.0 is disabled and the RDP security option is set to require TLS 1.0.

This is, of course, in addition to enabling TLS 1.1 and 1.2, which are off by default on 2008 R2; incidentally, we do this using the very useful IIS Crypto tool from Nartac Software.

When looking at this issue it is useful to enable SChannel logging to see more details of what is happening when your session is opened.

You can set SChannel logging by changing the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\EventLogging key to 5 and rebooting.

Once this has been done you can observe SChannel events which show the TLS version being used when an RDP connection is made. With logging enabled, you can observe the SChannel error when the RDP client tries to establish a connection to Windows 2008 R2 with TLS 1.0 disabled:

A fatal error occurred while creating an SSL server credential. The internal error state is 10013.

I have also tested disabling TLS 1.0 on Windows Server 2012 and 2012 R2, which I can confirm works perfectly using the Windows 7 RDP client. The SChannel log entry shows TLS 1.2 being used:

An SSL server handshake completed successfully. The negotiated cryptographic parameters are as follows.

   Protocol: TLS 1.2
   CipherSuite: 0xC028
   Exchange strength: 256

I hope this helps someone who is looking for clarification on this.

I will continue to look for how we might get RDP working over TLS 1.1 and TLS 1.2 in Windows Server 2008 R2.

UPDATE: 2015-AUG-05

We raised the issue of RDP not working with Server 2008 R2 with Microsoft support including steps to reproduce.

After several weeks of backwards and forwards we finally received a phone call today from the support team to acknowledge that they could indeed reproduce it, and this is now categorized as a bug. An update patch will be released; at the moment this is expected in October 2015. As soon as I have a KB article or other details I will add them to this post.

Hopefully those stuck with Windows Server 2008 R2 can at least get this resolved before the deadline of June 2016 once the patch is released.

UPDATE: 19th September 2015

Microsoft have finally released a KB support article about this here, and I can confirm that it works OK.
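
The registry side of what this answer describes, as an added example that is not code from the answer or from Nartac's IIS Crypto: a PowerShell script (written against PowerShell 2.0 so it runs on 2008 R2) that audits the SCHANNEL protocol switches IIS Crypto flips, sets them, turns on the EventLogging value mentioned above, and pulls the Schannel events that carry the negotiated Protocol and CipherSuite. The event IDs named in the comments (36880 for a completed handshake, 36871 for the credential error) are my assumption; the message-text filter does not depend on them. Run it in an elevated PowerShell on the RDP host.

```powershell
# Added example, not code from the answer above. Run in an elevated PowerShell on the RDP host.
# Shows the registry switches that IIS Crypto flips, turns on SChannel event logging, and
# pulls the Schannel events that reveal which TLS version an RDP session negotiated.
# PowerShell 2.0 syntax (2008 R2). Event IDs in the comments are an assumption; the text
# match on the message is the real filter.

$Schannel = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL'

function Get-SchannelProtocolState {
    # One row per protocol and side. A missing key means "OS default": on 2008 R2 that is
    # TLS 1.0 on and TLS 1.1/1.2 off, which is why RDP is left with nothing once TLS 1.0 goes.
    foreach ($proto in 'SSL 2.0', 'SSL 3.0', 'TLS 1.0', 'TLS 1.1', 'TLS 1.2') {
        foreach ($side in 'Client', 'Server') {
            $key = Join-Path $Schannel "Protocols\$proto\$side"
            $enabled = 'default'; $dbd = 'default'
            if (Test-Path $key) {
                $p = Get-ItemProperty -Path $key
                if ($p.PSObject.Properties['Enabled'])           { $enabled = $p.Enabled }
                if ($p.PSObject.Properties['DisabledByDefault']) { $dbd = $p.DisabledByDefault }
            }
            New-Object PSObject -Property @{ Protocol = $proto; Side = $side; Enabled = $enabled; DisabledByDefault = $dbd }
        }
    }
}

function Set-SchannelProtocol {
    # Enabled=0 plus DisabledByDefault=1 is the documented "off" pair; the inverse pair is "on".
    # Both Client and Server subkeys are written, which is also what IIS Crypto does.
    param([Parameter(Mandatory = $true)][string]$Protocol, [Parameter(Mandatory = $true)][bool]$On)
    foreach ($side in 'Client', 'Server') {
        $key = Join-Path $Schannel "Protocols\$Protocol\$side"
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        New-ItemProperty -Path $key -Name Enabled -PropertyType DWord -Value $(if ($On) { 1 } else { 0 }) -Force | Out-Null
        New-ItemProperty -Path $key -Name DisabledByDefault -PropertyType DWord -Value $(if ($On) { 0 } else { 1 }) -Force | Out-Null
    }
}

function Enable-SchannelLogging {
    # 5 = 1 (errors) + 4 (informational/success): enough to see both the 10013 credential error
    # and the "handshake completed" event with its Protocol and CipherSuite. Needs a reboot.
    Set-ItemProperty -Path $Schannel -Name EventLogging -Value 5 -Type DWord
}

function Get-SchannelRdpEvents {
    param([int]$Last = 50)
    # Schannel writes to the System log. 36880 = handshake completed, 36871 = fatal error creating
    # a credential (assumed IDs); the message match finds them regardless of ID.
    Get-WinEvent -FilterHashtable @{ LogName = 'System'; ProviderName = 'Schannel' } -MaxEvents $Last -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -match 'handshake completed|creating an SSL|creating a TLS' } |
        Select-Object TimeCreated, Id,
            @{ n = 'Summary';  e = { ($_.Message -split "`r?`n")[0] } },
            @{ n = 'Protocol'; e = { if ($_.Message -match 'Protocol:\s*(.+)') { $Matches[1].Trim() } } },
            @{ n = 'Cipher';   e = { if ($_.Message -match 'CipherSuite:\s*(\S+)') { $Matches[1] } } }
}

# Audit first; change nothing until you know the listener can survive it.
Get-SchannelProtocolState | Format-Table Protocol, Side, Enabled, DisabledByDefault -AutoSize
Get-SchannelRdpEvents | Format-Table -AutoSize
# Then, in this order, rebooting between steps and re-testing an RDP logon each time:
#   Enable-SchannelLogging
#   Set-SchannelProtocol 'TLS 1.2' $true ; Set-SchannelProtocol 'TLS 1.1' $true
#   Set-SchannelProtocol 'TLS 1.0' $false   # on 2008 R2 only once the September 2015 fix is installed
```

The ordering in the trailing comments is the point: enable and verify the newer protocols (and watch a handshake complete in the log) before TLS 1.0 is removed, because with Security Layer set to Negotiate or SSL there is no fallback to RDP Security once Schannel has no usable protocol.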

Solution 3:

Use IPsec instead, as the document recommends: "Setting up a strongly-encrypted session first (e.g. IPsec tunnel), then sending data over SSL within secure tunnel "

The main reason to do this over configuring TLS for RDP is that the firewall policy is easily audited for compliance (vs. proving a bunch of registry changes are compliant), and IPsec is pretty easy to configure in Windows.

If you happen to need full Suite B compliance, IPsec with TLS 1.0 is the only way available to apply the appropriate certificate lengths.
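
What "require IPsec for RDP" looks like in practice, as an added example that is not code from this answer: netsh advfirewall commands (present on 2008 R2 as well as 2012, unlike the NetSecurity cmdlets) that negotiate IPsec with computer Kerberos authentication for anything touching local TCP 3389, disable the stock Remote Desktop firewall rules, and admit 3389 only through a rule whose security=authenc setting demands an authenticated and encrypted IPsec connection. It assumes domain-joined hosts on both ends; the rule names are arbitrary. The connection-security rule has to exist on the client side too (same command, or pushed by GPO), and until it does every RDP connection to the server is dropped, so run this from the console or another out-of-band path.

```powershell
# Added example, not code from the answer above: the netsh form of "RDP only over IPsec".
# Assumes domain-joined hosts (Kerberos computer authentication) on both ends.
# Apply Add-RdpIpsecRequirement on the server from the console; put the same consec rule on the
# clients (or via GPO) before expecting any RDP session to succeed.

function Add-RdpIpsecRequirement {
    param([string]$Name = 'RDP over IPsec')
    # Connection-security rule: negotiate IPsec for traffic where endpoint1's port is TCP 3389,
    # require authentication inbound and outbound, authenticate the computer with Kerberos.
    netsh advfirewall consec add rule name="$Name" endpoint1=any endpoint2=any `
        protocol=tcp port1=3389 port2=any action=requireinrequireout auth1=computerkerb
    # Stock rules allow 3389 without IPsec; turn them off so only the rule below admits RDP.
    netsh advfirewall firewall set rule group="Remote Desktop" new enable=no
    # security=authenc: the packet must arrive inside an authenticated AND encrypted IPsec SA.
    netsh advfirewall firewall add rule name="$Name" dir=in action=allow `
        protocol=tcp localport=3389 security=authenc
}

function Remove-RdpIpsecRequirement {
    param([string]$Name = 'RDP over IPsec')
    netsh advfirewall firewall delete rule name="$Name"
    netsh advfirewall consec delete rule name="$Name"
    netsh advfirewall firewall set rule group="Remote Desktop" new enable=yes
}

function Show-RdpIpsecState {
    param([string]$Name = 'RDP over IPsec')
    # What an auditor can read: the two rules, plus the live quick-mode SAs that show an RDP
    # session is actually inside ESP rather than on bare TCP.
    netsh advfirewall consec show rule name="$Name"
    netsh advfirewall firewall show rule name="$Name" verbose
    netsh advfirewall monitor show qmsa
}

# Add-RdpIpsecRequirement
# Show-RdpIpsecState
```

The encryption requirement lives on the firewall rule rather than on the consec rule on purpose: the quick-mode proposal list can contain integrity-only options, and security=authenc refuses the RDP packets unless the SA that carries them also encrypts.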

Solution 4:

This is not an answer to the question, but to the sub-question "How do I restore remote access to a virtual machine where I've disabled TLS 1.0 and with no physical access?".

I disabled TLS 1.0 using IISCrypto, which gave a useful warning about the side effect that RDP will stop working if it is set to TLS. So I checked in:

Admin Tools\Remote Desktop Services\Remote Desktop Session Host Configuration, RDP-Tcp, General Tab, Security Layer

and my Security Level was set to "Negotiate". I assumed this means if TLS is not available, it would gracefully degrade to RDP Security.

But no, Negotiate doesn't work that way. You have to set Security Level to RDP Security, not Negotiate, before you disable TLS 1.0.

So I lost my ability to remote connect to my AWS instance!

To reconnect, I used another AWS instance.

  1. I updated the SecurityGroup to allow firewall connection from that machine to my "lost" machine.
  2. I opened an administrative network share in DOS, with an admin user and password:

     net use \\lost_machine_ip\c$

  3. Then I opened Regedit and, in the File menu, chose "Connect Network Registry" and put in the IP of the "lost" server. You should see the remote server registry. Go to:

     \SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\

     and set the value for SecurityLayer to 0 (0 is RDP Security).

You will then be able to remote connect, and reenable TLS 1.0 in IISCrypto if required.
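
The same recovery, and the check that avoids needing it, as an added example that is not code from this answer: PowerShell using .NET's remote registry API (the same RPC path regedit's "Connect Network Registry" takes) to read a host's RDP-Tcp SecurityLayer together with its TLS 1.0 server switch, flag the combination that locks you out, and write SecurityLayer back to 0 on a host that is already unreachable. It assumes the RemoteRegistry service is running on the target and that you already hold admin credentials there (for example after the `net use \\<ip>\c$` step above); the computer name is a placeholder and the lockout rule is this example's own.

```powershell
# Added example, not code from the answer above. Reads and repairs the RDP listener's
# SecurityLayer over the remote registry. Assumes RemoteRegistry is running on the target and
# you hold admin credentials there (e.g. after `net use \\<ip>\c$ /user:...`).

$RdpTcpPath  = 'SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
$Tls10Server = 'SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server'
$LayerNames  = @{ 0 = 'RDP Security Layer'; 1 = 'Negotiate'; 2 = 'SSL (TLS)' }

function Open-RemoteHklm {
    param([string]$ComputerName)
    # Same path regedit's "Connect Network Registry" uses; 'localhost' works too, so the
    # check can be run on a machine before you change it.
    [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey([Microsoft.Win32.RegistryHive]::LocalMachine, $ComputerName)
}

function Get-RdpSecurityLayer {
    param([Parameter(Mandatory = $true)][string]$ComputerName)
    $hklm = Open-RemoteHklm $ComputerName
    try {
        $rdp = $hklm.OpenSubKey($RdpTcpPath, $false)
        if ($rdp -eq $null) { throw "RDP-Tcp listener key not found on $ComputerName" }
        $layer = [int]$rdp.GetValue('SecurityLayer', 1)      # 1 (Negotiate) is the OS default
        $tls10 = $hklm.OpenSubKey($Tls10Server, $false)
        $tls10Enabled = if ($tls10 -eq $null) { 'default (on)' } else { $tls10.GetValue('Enabled', 'default (on)') }
        New-Object PSObject -Property @{
            Computer      = $ComputerName
            SecurityLayer = $layer
            LayerName     = $LayerNames[$layer]
            Tls10Server   = $tls10Enabled
            # Negotiate does not fall back to RDP Security when Schannel has nothing to offer,
            # so anything but layer 0 with TLS 1.0 off is a lockout on an unpatched 2008 R2 host.
            LockoutRisk   = ($layer -ne 0) -and ("$tls10Enabled" -eq '0')
        }
    } finally { $hklm.Close() }
}

function Set-RdpSecurityLayer {
    param([Parameter(Mandatory = $true)][string]$ComputerName, [ValidateRange(0, 2)][int]$Layer = 0)
    $hklm = Open-RemoteHklm $ComputerName
    try {
        $rdp = $hklm.OpenSubKey($RdpTcpPath, $true)   # writable
        if ($rdp -eq $null) { throw "RDP-Tcp listener key not found on $ComputerName" }
        $rdp.SetValue('SecurityLayer', $Layer, [Microsoft.Win32.RegistryValueKind]::DWord)
        $rdp.Close()
    } finally { $hklm.Close() }
    Get-RdpSecurityLayer $ComputerName
}

# 'lost-server' is a placeholder. Check before disabling TLS 1.0 anywhere:
Get-RdpSecurityLayer 'lost-server' | Format-List Computer, LayerName, Tls10Server, LockoutRisk
# Recovery for a host that is already unreachable over RDP, as in the answer above:
# Set-RdpSecurityLayer 'lost-server' 0
```

Dropping to layer 0 is a recovery step, not a destination: it puts the listener back on RDP Security, the thing the question is trying to avoid, so re-enable TLS 1.0 or fix the protocol configuration and move the layer back up as soon as you are in.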

Solution 5:

You will need to install RDP 8.0 on your Windows 7 computers and Windows Server 2008 R2 servers, and then enable RDP 8.0 on the local computer policy or group policy.

Here is the Microsoft KB for the RDP 8.0.

Once this is done you should be able to disable TLS 1.0 on the computers and servers by editing the registry as instructed in this TechNet article.

After installing RDP 8.0 you can also install RDP 8.1, but RDP 8.0 must be installed prior to installing RDP 8.1. RDP 8.0 contains both the client and server-side protocol components, but RDP 8.1 only includes the client. The Microsoft KB for RDP 8.1 is KB2830477.

I made these changes on one of my Windows 7 workstations and tested the RDP connections with the "Require use of specific security layer for remote (RDP) connections" Group Policy setting enabled and set to "SSL (TLS 1.0)" to ensure that it would not fall back to RDP Encryption.

UPDATE 6/19/2015:

I finally got a chance to test this on one of our Windows Server 2008 R2 servers, and it definitely breaks RDP connections to the server. It seems that the RDP 8.0 server-side components are only installed on Windows 7 computers, and do not get installed on Windows Server 2008 R2 servers.
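
A way to run the test described in this answer without a full RDP client, as an added example that is neither code from the answer nor from Microsoft's RDP 8.0 KB: a PowerShell probe that sends the X.224 Connection Request carrying RDP_NEG_REQ (requestedProtocols = PROTOCOL_SSL | PROTOCOL_HYBRID, both of which begin with a TLS handshake), parses the server's RDP_NEG_RSP or RDP_NEG_FAILURE, and then completes a TLS handshake through .NET SslStream with one protocol version at a time. It tells you directly whether a listener will take TLS 1.1 or 1.2 once TLS 1.0 is gone, and whether it has quietly fallen back to standard RDP security. It needs .NET 4.5 or later on the probing machine for the Tls11 and Tls12 enum values, and that machine's own Schannel client side must allow the version you request; the host name and port are placeholders.

```powershell
# Added example, not code from the answer above or from Microsoft's KB articles.
# Probes which TLS versions an RDP listener will complete a handshake with, without mstsc.
# Needs .NET 4.5+ on the probing box (Tls11/Tls12 enum values). Server name/port are placeholders.

function Read-Exact {
    param([System.IO.Stream]$Stream, [int]$Count)
    $buf = New-Object byte[] $Count
    $got = 0
    while ($got -lt $Count) {
        $n = $Stream.Read($buf, $got, $Count - $got)
        if ($n -le 0) { throw "connection closed after $got of $Count bytes" }
        $got += $n
    }
    return ,$buf
}

function Invoke-RdpNegotiation {
    param([System.IO.Stream]$Stream)
    # TPKT (RFC 1006): version 3, reserved, length 19 big-endian.
    # X.224 Connection Request: LI 14, code 0xE0, DST-REF 0, SRC-REF 0, class 0.
    # RDP_NEG_REQ (MS-RDPBCGR): type 1, flags 0, length 8, requestedProtocols 3 = SSL | HYBRID (little-endian).
    [byte[]]$req = 0x03, 0x00, 0x00, 0x13,
                   0x0E, 0xE0, 0x00, 0x00, 0x00, 0x00, 0x00,
                   0x01, 0x00, 0x08, 0x00, 0x03, 0x00, 0x00, 0x00
    $Stream.Write($req, 0, $req.Length)
    $hdr = Read-Exact $Stream 4
    if ($hdr[0] -ne 3) { throw 'reply is not a TPKT packet' }
    $body = Read-Exact $Stream (($hdr[2] * 256 + $hdr[3]) - 4)
    # body = X.224 Connection Confirm (7 bytes) + optional 8-byte negotiation structure
    if ($body.Length -lt 15) { return @{ Accepted = $true; Selected = 0 } }   # bare CC: RDP security only
    $type = $body[7]; $value = [BitConverter]::ToUInt32($body, 11)
    switch ($type) {
        2       { return @{ Accepted = $true;  Selected = $value } }   # RDP_NEG_RSP: selectedProtocol
        3       { return @{ Accepted = $false; Failure  = $value } }   # RDP_NEG_FAILURE: failureCode
        default { throw "unexpected negotiation type $type" }
    }
}

$FailureCodes = @{ 1 = 'SSL_REQUIRED_BY_SERVER'; 2 = 'SSL_NOT_ALLOWED_BY_SERVER'; 3 = 'SSL_CERT_NOT_ON_SERVER'
                   4 = 'INCONSISTENT_FLAGS'; 5 = 'HYBRID_REQUIRED_BY_SERVER'; 6 = 'SSL_WITH_USER_AUTH_REQUIRED_BY_SERVER' }

function Test-RdpTlsVersions {
    param([Parameter(Mandatory = $true)][string]$ComputerName, [int]$Port = 3389,
          [string[]]$Versions = @('Tls', 'Tls11', 'Tls12'))   # 'Tls' is TLS 1.0 in the SslProtocols enum
    foreach ($name in $Versions) {
        $ver = [System.Security.Authentication.SslProtocols]$name
        $row = New-Object PSObject -Property @{ Server = $ComputerName; Requested = $name; Negotiated = ''; Result = '' }
        $tcp = New-Object System.Net.Sockets.TcpClient
        try {
            $tcp.Connect($ComputerName, $Port)
            $neg = Invoke-RdpNegotiation $tcp.GetStream()
            if (-not $neg.Accepted) {
                $row.Result = "RDP_NEG_FAILURE: $($FailureCodes[[int]$neg.Failure])"
            } elseif ($neg.Selected -eq 0) {
                $row.Result = 'server selected PROTOCOL_RDP: no TLS at all (RDP Security Layer)'
            } else {
                # Certificate validation is switched off on purpose: the test is the protocol
                # version, not the listener's (usually self-signed) certificate.
                $cb  = { $true } -as [System.Net.Security.RemoteCertificateValidationCallback]
                $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $cb)
                $ssl.AuthenticateAsClient($ComputerName, $null, $ver, $false)
                $row.Negotiated = $ssl.SslProtocol.ToString()
                $row.Result = 'handshake completed'
                $ssl.Close()
            }
        } catch {
            $row.Result = 'failed: ' + $_.Exception.GetBaseException().Message
        } finally { $tcp.Close() }
        $row
    }
}

# 'rdp-host' is a placeholder. With TLS 1.0 disabled on a 2012 R2 host you should see 'Tls' fail
# and Tls11/Tls12 complete; the unpatched 2008 R2 case in Solution 2 shows up as failures here too.
Test-RdpTlsVersions 'rdp-host' | Format-Table Requested, Negotiated, Result -AutoSize
```

Each probe attempt also lands in the server's Schannel log when logging is enabled, so the two views line up: a failed `Tls` row here corresponds to the error event on the server, and a completed `Tls12` row to a handshake event listing Protocol: TLS 1.2.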