1. Forum
  2. USENET
  3. news.software.readers

  • [Forte Agent] Notice: Forte Agent and the latest SSL/TLS protocols

    From Ralph Fox@-rf-nz-@-.invalid to news.software.readers on Mon Mar 2 14:58:54 2026
    From Newsgroup: news.software.readers

    *** NOTICE FOR FORTE AGENT USERS ***

    Forte Agent 3.2 - 8.0 needs only a small configuration change to
    support the latest SSL/TLS protocols.

    If you get an SSL error 80090302 with a server, then most likely
    you need this configuration change.

    -a-a-a In the [Online] section of AGENT.INI,
    -a-a-a change the setting 'AllowedSSLProtocols' from this: -a-a-a-a-a-a-a-a-a-a-a AllowedSSLProtocols=0

    -a-a-a to one of these:
    -a-a-a-a * In Windows 11, and in Windows 10 version 1903 and later, -a-a-a-a-a-a-a-a-a-a-a AllowedSSLProtocols=10880
    -a-a-a-a-a-a This will configure Agent to support TLS1.2 and TLS1.3.

    -a-a-a-a * In Windows 8.1 (and old Windows 10 older than 1903) -a-a-a-a-a-a-a-a-a-a-a AllowedSSLProtocols=2688
    -a-a-a-a-a-a This will configure Agent to support TLS1.2.
    -a-a-a-a-a-a These versions of Windows will not support TLS1.3.

    If you are running Windows XP, 7, or Vista

    -a-a-a Agent uses the Windows implementation of SSL/TLS. These versions
    -a-a-a of Windows did not support either TLS1.2 or TLS1.3.

    -a-a-a There are fixes on the Internet to reportedly enable TLS1.2 in
    -a-a-a these operating systems. You would need to both apply these fixes -a-a-a to your OS and then make the configuration change in Agent.

    -a-a-a I have not tried these fixes myself, so I cannot personally advise -a-a-a how well they work.


    EXPLANATION

    -a-a-a When AllowedSSLProtocols=0, Windows implicitly supports a default
    -a-a-a set of SSL/TLS protocols. Microsoft has decided that Windows will -a-a-a only support the latest SSL/TLS protocols when they are *explicitly* -a-a-a requested.

    -a-a-a For Agent to explicitly request SSL/TLS protocols, set
    -a-a-a AllowedSSLProtocols to a sum of the following numbers:
    -a-a-a-a-a-a-a-a 128 -a-a-a-a TLS1.0
    -a-a-a-a-a-a-a-a 512 -a-a-a-a TLS1.1
    -a-a-a-a-a-a-a 2048 -a-a-a-a TLS1.2
    -a-a-a-a-a-a-a 8192 -a-a-a-a TLS1.3 -a (not supported in Windows 8.1 or earlier)
    --
    Kind regards
    Ralph Fox
    EfaeN+A

    Nothing of moment can be done without necessary helps, or convenient means.
    --- Synchronet 3.21d-Linux NewsLink 1.2
  • From VanguardLH@V@nguard.LH to news.software.readers on Sun Mar 1 20:10:19 2026
    From Newsgroup: news.software.readers

    Ralph Fox <-rf-nz-@-.invalid> wrote:

    *** NOTICE FOR FORTE AGENT USERS ***

    Forte Agent 3.2 - 8.0 needs only a small configuration change to
    support the latest SSL/TLS protocols.

    If you get an SSL error 80090302 with a server, then most likely
    you need this configuration change.

    -a-a-a In the [Online] section of AGENT.INI,
    -a-a-a change the setting 'AllowedSSLProtocols' from this: -a-a-a-a-a-a-a-a-a-a-a AllowedSSLProtocols=0

    -a-a-a to one of these:
    -a-a-a-a * In Windows 11, and in Windows 10 version 1903 and later, -a-a-a-a-a-a-a-a-a-a-a AllowedSSLProtocols=10880
    -a-a-a-a-a-a This will configure Agent to support TLS1.2 and TLS1.3.

    -a-a-a-a * In Windows 8.1 (and old Windows 10 older than 1903) -a-a-a-a-a-a-a-a-a-a-a AllowedSSLProtocols=2688
    -a-a-a-a-a-a This will configure Agent to support TLS1.2.
    -a-a-a-a-a-a These versions of Windows will not support TLS1.3.

    If you are running Windows XP, 7, or Vista

    -a-a-a Agent uses the Windows implementation of SSL/TLS. These versions -a-a-a of Windows did not support either TLS1.2 or TLS1.3.

    -a-a-a There are fixes on the Internet to reportedly enable TLS1.2 in
    -a-a-a these operating systems. You would need to both apply these fixes -a-a-a to your OS and then make the configuration change in Agent.

    -a-a-a I have not tried these fixes myself, so I cannot personally advise -a-a-a how well they work.

    EXPLANATION

    -a-a-a When AllowedSSLProtocols=0, Windows implicitly supports a default -a-a-a set of SSL/TLS protocols. Microsoft has decided that Windows will -a-a-a only support the latest SSL/TLS protocols when they are *explicitly* -a-a-a requested.

    -a-a-a For Agent to explicitly request SSL/TLS protocols, set
    -a-a-a AllowedSSLProtocols to a sum of the following numbers: -a-a-a-a-a-a-a-a 128 -a-a-a-a TLS1.0
    -a-a-a-a-a-a-a-a 512 -a-a-a-a TLS1.1
    -a-a-a-a-a-a-a 2048 -a-a-a-a TLS1.2
    -a-a-a-a-a-a-a 8192 -a-a-a-a TLS1.3 -a (not supported in Windows 8.1 or earlier)

    Odd Forte Agent does not negotiate to a supported protocol by the
    server. Or afford a choice of protocol in the user config screens for
    defining the server.
    --- Synchronet 3.21d-Linux NewsLink 1.2
  • From Ralph Fox@-rf-nz-@-.invalid to news.software.readers on Tue Mar 3 07:17:33 2026
    From Newsgroup: news.software.readers

    On Sun, 1 Mar 2026 20:10:19 -0600, VanguardLH wrote:
    Ralph Fox <-rf-nz-@-.invalid> wrote:

    *** NOTICE FOR FORTE AGENT USERS ***

    Forte Agent 3.2 - 8.0 needs only a small configuration change to
    support the latest SSL/TLS protocols.

    If you get an SSL error 80090302 with a server, then most likely
    you need this configuration change.

    -a-a-a In the [Online] section of AGENT.INI,
    -a-a-a change the setting 'AllowedSSLProtocols' from this:
    -a-a-a-a-a-a-a-a-a-a-a AllowedSSLProtocols=0

    -a-a-a to one of these:
    -a-a-a-a * In Windows 11, and in Windows 10 version 1903 and later,
    -a-a-a-a-a-a-a-a-a-a-a AllowedSSLProtocols=10880
    -a-a-a-a-a-a This will configure Agent to support TLS1.2 and TLS1.3.

    -a-a-a-a * In Windows 8.1 (and old Windows 10 older than 1903)
    -a-a-a-a-a-a-a-a-a-a-a AllowedSSLProtocols=2688
    -a-a-a-a-a-a This will configure Agent to support TLS1.2.
    -a-a-a-a-a-a These versions of Windows will not support TLS1.3.

    If you are running Windows XP, 7, or Vista

    -a-a-a Agent uses the Windows implementation of SSL/TLS. These versions
    -a-a-a of Windows did not support either TLS1.2 or TLS1.3.

    -a-a-a There are fixes on the Internet to reportedly enable TLS1.2 in
    -a-a-a these operating systems. You would need to both apply these fixes
    -a-a-a to your OS and then make the configuration change in Agent.

    -a-a-a I have not tried these fixes myself, so I cannot personally advise
    -a-a-a how well they work.

    EXPLANATION

    -a-a-a When AllowedSSLProtocols=0, Windows implicitly supports a default
    -a-a-a set of SSL/TLS protocols. Microsoft has decided that Windows will
    -a-a-a only support the latest SSL/TLS protocols when they are *explicitly* >> -a-a-a requested.

    -a-a-a For Agent to explicitly request SSL/TLS protocols, set
    -a-a-a AllowedSSLProtocols to a sum of the following numbers:
    -a-a-a-a-a-a-a-a 128 -a-a-a-a TLS1.0
    -a-a-a-a-a-a-a-a 512 -a-a-a-a TLS1.1
    -a-a-a-a-a-a-a 2048 -a-a-a-a TLS1.2
    -a-a-a-a-a-a-a 8192 -a-a-a-a TLS1.3 -a (not supported in Windows 8.1 or earlier)

    Odd Forte Agent does not negotiate to a supported protocol by the
    server.

    Forte Agent does negotiate.
    -a*-a You specify, implicitly or explicitly, a set of SSL protocols
    -a-a-a the client OS supports.
    -a*-a It negotiates to one of the set supported by the server.


    Or afford a choice of protocol in the user config screens for
    defining the server.

    Better to specify the set of protocols the client supports, and
    negotiate the choice of protocol with each server. That way,
    you do not need a separate setting for each server.
    --
    Kind regards
    Ralph Fox
    EfaeN+A

    Digrif gan bob aderyn ei lais ei hun.
    --- Synchronet 3.21d-Linux NewsLink 1.2