How to Enable TLS 1.1 and TLS 1.2 in Windows Server

Enable TLS 1.1 and TLS 1.2 on Windows Server 2008 R2 SP1


Vulnerabilities discovered by the Google team in the SSLv3 protocol rule out the use of SSLv3, and TLS 1.0 is also deprecated. It is recommended to use TLS 1.1 or TLS 1.2. This article is intended to help enable TLS 1.1 and TLS 1.2 in Windows Server 2008 R2 SP1 or later by editing the registry.

For TLS 1.1 and TLS 1.2 to be enabled and negotiated on Windows Server 2008 R2 SP1, as described in the Microsoft article “Update to enable TLS 1.1 and TLS 1.2 as default secure protocols in WinHTTP in Windows”, the entry “DisabledByDefault” must be created in the appropriate subkey (client) of the TLS/SSL (SCHANNEL) settings and set to “0”. These subkeys are not present in the registry by default because these protocols are disabled by default.

Create the subkeys for TLS 1.1 and TLS 1.2

To create the DisabledByDefault DWORD values and set them to 0 (and the Enabled values to 1) without opening Registry Editor, run the following lines at a command prompt.

REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client" /v "DisabledByDefault" /t REG_DWORD /d "0" /f
REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client" /v "Enabled" /t REG_DWORD /d "1" /f
REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server" /v "DisabledByDefault" /t REG_DWORD /d "0" /f
REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server" /v "Enabled" /t REG_DWORD /d "1" /f
REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client" /v "DisabledByDefault" /t REG_DWORD /d "0" /f
REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client" /v "Enabled" /t REG_DWORD /d "1" /f
REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server" /v "DisabledByDefault" /t REG_DWORD /d "0" /f
REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server" /v "Enabled" /t REG_DWORD /d "1" /f

After creating the subkeys for TLS 1.1 and TLS 1.2, the system must be restarted for the settings to take effect.
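
To confirm after the restart that all eight values are in place, the registry can be read back with PowerShell. The script below is an added example, not part of the original article; the variable names and the OK/MISSING/MISMATCH labels are its own.

```powershell
# Added example: read back the SCHANNEL values written by the REG ADD commands.
# Avoids [pscustomobject] so it also runs on the PowerShell 2.0 that ships
# with Windows Server 2008 R2.
$base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'

# Values the article's commands set under every Client and Server subkey.
$expected = @{ DisabledByDefault = 0; Enabled = 1 }

$results = foreach ($proto in 'TLS 1.1', 'TLS 1.2') {
    foreach ($role in 'Client', 'Server') {
        $path  = "$base\$proto\$role"
        # $props stays $null when the subkey does not exist.
        $props = Get-ItemProperty -Path $path -ErrorAction SilentlyContinue
        foreach ($name in 'DisabledByDefault', 'Enabled') {
            $actual = $null
            if ($props) { $actual = $props.$name }
            if ($null -eq $actual) {
                $status = 'MISSING'       # subkey or value was never created
            } elseif ($actual -eq $expected[$name]) {
                $status = 'OK'
            } else {
                $status = 'MISMATCH'      # value exists but differs from the article
            }
            New-Object PSObject -Property @{
                Protocol = $proto; Role = $role; Name = $name
                Expected = $expected[$name]; Actual = $actual; Status = $status
            }
        }
    }
}

# One row per value, in a fixed column order.
$results | Select-Object Protocol, Role, Name, Expected, Actual, Status |
    Format-Table -AutoSize

$bad = @($results | Where-Object { $_.Status -ne 'OK' })
if ($bad.Count -gt 0) {
    Write-Warning "$($bad.Count) value(s) differ from the article's settings."
} else {
    Write-Output 'All eight SCHANNEL values match the settings in this article.'
}
```

This confirms the registry state only; which protocol version a given connection negotiates also depends on the peer and on the application making the connection.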

Transport Layer Security (TLS) 1.2 is the successor to Secure Sockets Layer (SSL) and is used by endpoint devices and applications to authenticate and encrypt data securely when it is transferred over a network. The TLS protocol is a widely accepted standard used by devices.
