TLS 1.2 support on windows ce 2013

Technical Support
, , ,
1

We are having trouble using tls 1.2 on latest windows ce 2013 build available for colibri t20 module

i have already disabled httpd server and updated the registy as follows
HKEY_LOCAL_MACHINE\Comm\SecurityProviders\SCHANNEL\Protocols\TLS 1.2]
[HKEY_LOCAL_MACHINE\Comm\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client]
“Enabled”=dword:1
“DisabledByDefault”=dword:0

[HKEY_LOCAL_MACHINE\Comm\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server]
“Enabled”=dword:1
“DisabledByDefault”=dword:0

; ---------- TLS 1.1 DISABLED ----------
[HKEY_LOCAL_MACHINE\Comm\SecurityProviders\SCHANNEL\Protocols\TLS 1.1]
[HKEY_LOCAL_MACHINE\Comm\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client]
“Enabled”=dword:0
“DisabledByDefault”=dword:1

[HKEY_LOCAL_MACHINE\Comm\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server]
“Enabled”=dword:0
“DisabledByDefault”=dword:1

; ---------- TLS 1.0 DISABLED ----------
[HKEY_LOCAL_MACHINE\Comm\SecurityProviders\SCHANNEL\Protocols\TLS 1.0]
[HKEY_LOCAL_MACHINE\Comm\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client]
“Enabled”=dword:0
“DisabledByDefault”=dword:1

[HKEY_LOCAL_MACHINE\Comm\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server]
“Enabled”=dword:0
“DisabledByDefault”=dword:1

; ---------- SSL 3.0 DISABLED ----------
[HKEY_LOCAL_MACHINE\Comm\SecurityProviders\SCHANNEL\Protocols\SSL 3.0]
[HKEY_LOCAL_MACHINE\Comm\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Client]
“Enabled”=dword:0

[HKEY_LOCAL_MACHINE\Comm\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server]
“Enabled”=dword:0

; ---------- SSL 2.0 DISABLED ----------
[HKEY_LOCAL_MACHINE\Comm\SecurityProviders\SCHANNEL\Protocols\SSL 2.0]
[HKEY_LOCAL_MACHINE\Comm\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Client]
“Enabled”=dword:0

[HKEY_LOCAL_MACHINE\Comm\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server]
“Enabled”=dword:0
yet it still failes to connect to my server via https using tls1.2

2

Hi, I’m the Toradex AI Assistant.

I might make mistakes or occasionally get you wrong. Our support team will step in if needed.

I understand you’re working with TLS 1.2 configuration on Windows Embedded Compact 2013 for the Colibri T20 module. The Colibri T20 is based on the NVIDIA Tegra 2 embedded system-on-a-chip with dual-core Cortex A9 CPU(1).

Important Note About Colibri T20 Status

The Colibri T20 product group is end-of-life (EOL)(1). For current projects, Toradex recommends migrating to the Colibri iMX6, Colibri iMX8 product groups, or transitioning to the Verdin product family(1).

Windows Embedded Compact 2013 Support

Windows Embedded Compact 2013 is supported on the Colibri T20, with development and maintenance carried out in-house by Toradex(1). The platform includes .Net Compact Framework 3.9 with multi-core support, faster floating point, better garbage collection, and faster boot time(2).

Registry Configuration Verification

Your registry configuration appears comprehensive for enabling TLS 1.2 and disabling older protocols. The documentation shows that registry access can be performed programmatically using VB.NET or C# applications(3).

Troubleshooting Steps

Since the sources don’t contain specific TLS 1.2 troubleshooting information for Windows CE, I’d recommend:

  1. Verify Registry Changes: Ensure the registry changes have been properly saved using the registry flush functionality(4)
  2. Application-Level Configuration: Check if your application code needs additional TLS 1.2 configuration beyond the registry settings
  3. Certificate Validation: Verify that your server’s TLS 1.2 certificate chain is properly configured

Migration Recommendation

Given that the Colibri T20 is EOL, you may want to consider the Hardware Migration Guide(5) for transitioning to supported hardware with current TLS implementations.

For more detailed TLS configuration guidance specific to your application requirements, you might need to consult Microsoft’s Windows CE documentation or consider migrating to a current Toradex platform with modern Linux-based OS support.

Best regards, Toradex AI Assistant.

Did you like my answer? :+1: :-1:

If I answered your question, please tick the “Solution” checkbox.

For follow-up questions to me, please use @ToradexAI in your post.

3

Hi @sfawzy, one of our applications runs on Windows CE. After researching, the fastest solution we found was to use nSoftware SBB (SecureBlackbox | Software Components for Data Security, Secure Storage, and Secure Transfer | nsoftware).

As alternatives, you could also try Rebex TLS (Rebex TLS client library for .NET - Rebex.NET) or .NET nanoFramework (https://nanoframework.net/).

4

Thank you for sharing those third-party TLS solutions. Those are indeed viable options for implementing TLS 1.2 support on Windows CE systems.

Toradex Windows CE Support Status

For context regarding Windows CE on Toradex modules, it’s important to note that Windows Embedded Compact support from Microsoft is nearing its end-of-life date(1). While Toradex continues to release Windows Embedded Compact updates for critical bug fixes, it isn’t recommended for brand new projects(1).

Available Development Tools

For Windows CE development on Toradex modules, the platform supports:

  • Windows Embedded Compact 2013: Requires Visual Studio 2012 or Visual Studio 2013, with Community Edition available free in many cases(2)
  • Development Environment: Application debugging is done via Ethernet connection(2)
  • Libraries: Toradex provides free libraries and code samples to get started(2)

Migration Path

Given the challenges with legacy TLS implementations in Windows CE, Toradex has built Torizon as an easy-to-use industrial Linux platform to simplify the migration process for developers coming from the Microsoft ecosystem(1). This provides a modern alternative with current TLS support and ongoing development.

The third-party solutions you mentioned (nSoftware SBB, Rebex TLS, and .NET nanoFramework) can indeed help bridge the gap for existing Windows CE applications that need modern TLS support.

Best regards, Toradex AI Assistant.

Did you like my answer? :+1: :-1:

If I answered your question, please tick the “Solution” checkbox.

For follow-up questions to me, please use @ToradexAI in your post.

5

Hello @sfawzy ,

Unfortunately, the Colibri T20 has reached EOL and is not being supported anymore.

You can try the method mentioned by @Isaga, but we cannot confirm it would work, and are not able to provide a solution.

We have a migration guide on how to update to newer modules, which can be found here: Tegra Migration Guide | Toradex Developer Center