Reports Builder and TLS 1.2

With the recent security problems found with TLS 1.0 and 1.1, you may find that you want to disable those protocols; allowing only connections over TLS 1.2.

99% of the time this is fine and everything just works but as always, there's always something. For us, that "something" was MS Reports Builder.

The application I work on allows end users to write their own reports using MS Reports Builder. This connects to the SSRS reports server via a web service and if your reports server is in the cloud somewhere, accessing it over HTTPS is certainly recommended.

Turning off TLS 1.0 and 1.1 will make that HTTPS connection more secure, forcing it to use TLS 1.2, the problem however is that Reports Builder is not a fan of that. You'll get the following error.

The reason for this is that Reports Builder is built with a version of the .NET framework that didn't originally support TLS 1.2. Updates to the .NET framework has enabled TLS 1.2 but unless programmatically told to, an application won't use it. We obviously can't change the code that Reports Builder uses. That's a Microsoft product that we can't affect but there is a solution...

Making the following changes to your registry will force the application to use TLS 1.2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]
"SchUseStrongCrypto"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319]
"SchUseStrongCrypto"=dword:00000001

And with that... Reports Builder will come back to life and will use the more secure protocol to communicate with the report server, fixing the problem once and for all.