HotCakeX/Harden-Windows-Security

[BUG?] TLS Security - Break Battle.net Launcher

Tumeez opened this issue · 4 comments

Tumeez commented

I noticed that TLS Security breaks Battle.net Launcher.

Virtual Machine: VMWare Workstation Pro 17.0.2 // Win 11 Enterprise 22H2 fresh installed, including all updates up-to-date.

After I apply TLS Security part, the machine can't connect to Battle.net anymore. I test every combination, other parts are okay with Battle.net.

Hi,
Please take a look at this thread:
#28

Another user had the same problem. Battle.net requires an old cipher suite which is not very secure and the TLS category disables it, but nevertheless, you can enable it again by running this in an elevated PowerShell:

Enable-TlsCipherSuite -Name "TLS_RSA_WITH_AES_256_CBC_SHA"

Please let me know if that fixes your problem. If it does, I will temporarily move it from the TLS category to the TopSecurity category since it's causing inconvenience for users; when Battle.net stops using that cipher suite, I'll return it to the TLS category.

Tumeez commented

> Hi, Please take a look at this thread: #28
>
> Another user had the same problem. Battle.net requires an old cipher suite which is not very secure and the TLS category disables it, but nevertheless, you can enable it again by running this in an elevated PowerShell:
>
> Enable-TlsCipherSuite -Name "TLS_RSA_WITH_AES_256_CBC_SHA"
>
> Please let me know if that fixes your problem. If it does, I will temporarily move it from the TLS category to the TopSecurity category since it's causing inconvenience for users; when Battle.net stops using that cipher suite, I'll return it to the TLS category.

Tested it with my virtual machine. Works very well. After that command, the Battle.net launcher works as intended.

Great thanks, updated the script with the change 🙂

Just a heads up, the script is enforcing tighter TLS security settings after more careful research.

I've added a warning message to be shown before running the TLS category so that users with Battle.net client can see it and skip the category.

I've also tweeted at them about this issue: https://twitter.com/SpyNetGirl/status/1659872718806822916

If you still enable the TLS category, you can either add that TLS cipher suite manually to the end of the string in Group Policy or completely disable the Group Policy.
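A check for the workaround discussed in this thread, added here as an example and not part of the Harden-Windows-Security script: it reports whether TLS_RSA_WITH_AES_256_CBC_SHA is enabled in the local cipher suite list and in the "SSL Cipher Suite Order" Group Policy string, and with -Fix re-enables it the way the comments above describe (locally via Enable-TlsCipherSuite, or appended to the end of the policy string). The function name and the -Fix switch are my own; the registry path is the one the SSL Cipher Suite Order policy setting writes to, and it is assumed the script runs in an elevated PowerShell.

```powershell
# Added example (not the Harden-Windows-Security script's own code).
# Checks the cipher suite Battle.net needs in both places Windows consults,
# and optionally re-enables it. Run in an elevated PowerShell.
$Suite     = 'TLS_RSA_WITH_AES_256_CBC_SHA'
# Registry location of the "SSL Cipher Suite Order" Group Policy setting
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002'

function Test-BattleNetCipherSuite {
    [CmdletBinding()]
    param([switch]$Fix)   # hypothetical switch: report only unless -Fix is given

    # 1. Local (non-policy) cipher suite list, the one Enable/Disable-TlsCipherSuite edits
    $local = Get-TlsCipherSuite | Where-Object Name -eq $Suite
    if ($local) { Write-Host "OK:    $Suite is in the local cipher suite list" }
    else {
        Write-Warning "$Suite is disabled locally (this is what breaks Battle.net)"
        if ($Fix) {
            Enable-TlsCipherSuite -Name $Suite
            Write-Host "Fixed: enabled $Suite locally"
        }
    }

    # 2. Group Policy cipher suite order: when set, it overrides the local list,
    #    so the suite must also be in this comma-separated string
    $policy = Get-ItemProperty -Path $PolicyKey -Name Functions -ErrorAction SilentlyContinue
    if (-not $policy) { Write-Host 'OK:    no SSL Cipher Suite Order policy is set'; return }

    $order = $policy.Functions -split ','
    if ($order -contains $Suite) { Write-Host "OK:    $Suite is in the policy string" }
    else {
        Write-Warning "$Suite is missing from the policy string ($($order.Count) suites listed)"
        if ($Fix) {
            # Append at the END so the stronger suites keep their priority,
            # as the comment above suggests
            $newOrder = ($order + $Suite) -join ','
            Set-ItemProperty -Path $PolicyKey -Name Functions -Value $newOrder
            Write-Host "Fixed: appended $Suite to the policy string (restart to apply)"
        }
    }
}

Test-BattleNetCipherSuite         # report only
# Test-BattleNetCipherSuite -Fix  # apply the workaround from this thread
```

The policy string is the same value the Group Policy editor shows under "SSL Cipher Suite Order", so removing the policy entirely (the other option above) is just deleting that value.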