How to Enable TLS 1.1 and TLS 1.2 in Windows Server

Enable TLS 1.1 and 1.2 on Windows using REG ADD


Because of the vulnerabilities discovered in the SSLv3 protocol, it can no longer be used, and neither can TLS 1.0. It is recommended to use TLS 1.2 or higher. This post shows how to increase TLS security on Windows Server by editing the registry with REG ADD.

For TLS 1.1 and TLS 1.2 to be enabled and negotiated on Windows Server, as described in the Microsoft article "Update to enable TLS 1.1 and TLS 1.2 as default secure protocols in WinHTTP in Windows", the entry "DisabledByDefault" must be created in the appropriate subkey (Client) and set to "0". These subkeys are not created in the registry because these protocols are disabled by default.

Most applications now support TLS 1.2 or higher and use Schannel over HTTP and .NET APIs.

However, some older programs call the Security Support Provider Interface (SSPI) directly and also specify the TLS version at the same time. TLS 1.0 or 1.1 is then often negotiated. Once Microsoft disables these outdated protocols in Windows, such software fails.

Create the subkeys for TLS 1.1 and TLS 1.2 using REG ADD

To create the DisabledByDefault DWORD entries and set them to 0 (and the Enabled entries to 1) with REG ADD, without opening Registry Editor, run the following lines at a command prompt as administrator.

REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client" /v "DisabledByDefault" /t REG_DWORD /d "0" /f
REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client" /v "Enabled" /t REG_DWORD /d "1" /f
REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server" /v "DisabledByDefault" /t REG_DWORD /d "0" /f
REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server" /v "Enabled" /t REG_DWORD /d "1" /f
REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client" /v "DisabledByDefault" /t REG_DWORD /d "0" /f
REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client" /v "Enabled" /t REG_DWORD /d "1" /f
REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server" /v "DisabledByDefault" /t REG_DWORD /d "0" /f
REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server" /v "Enabled" /t REG_DWORD /d "1" /f

After the subkeys for TLS 1.1 and TLS 1.2 have been created with REG ADD, Windows must be restarted for the change to take effect.
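To confirm that all eight values were written as intended, they can be read back with PowerShell. This check is an added example, not part of the original post; the function name Get-SchannelProtocolState is hypothetical, and the expected data is copied from the REG ADD lines above.

```powershell
# Added example: read back the Schannel values written by the REG ADD lines.
$base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
# Expected data, copied from the REG ADD commands on this page.
$expected = [ordered]@{ DisabledByDefault = 0; Enabled = 1 }

# Get-SchannelProtocolState is a hypothetical helper name, not a built-in cmdlet.
function Get-SchannelProtocolState {
    param(
        [string[]]$Protocols = @('TLS 1.1', 'TLS 1.2'),
        [string[]]$Roles     = @('Client', 'Server')
    )
    foreach ($protocol in $Protocols) {
        foreach ($role in $Roles) {
            $path = "$base\$protocol\$role"
            foreach ($name in $expected.Keys) {
                # Missing key or value: nothing was written, so the OS default applies.
                $item = Get-ItemProperty -Path $path -Name $name -ErrorAction SilentlyContinue
                if ($null -eq $item) {
                    $actual = $null; $status = 'NotSet'
                } elseif ($item.$name -eq $expected[$name]) {
                    $actual = $item.$name; $status = 'OK'
                } else {
                    $actual = $item.$name; $status = 'Mismatch'
                }
                [pscustomobject]@{
                    Protocol = $protocol; Role = $role; Value = $name
                    Expected = $expected[$name]; Actual = $actual; Status = $status
                }
            }
        }
    }
}

# One row per protocol, role and value; anything other than OK needs attention.
Get-SchannelProtocolState | Format-Table -AutoSize
```

A Status of OK confirms only that the values are present in the registry; as stated above, they take effect after the restart.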

Transport Layer Security (TLS) 1.2 is the successor to Secure Sockets Layer (SSL) and is used by endpoint devices and applications to authenticate and encrypt data securely when it is transferred over a network. The TLS protocol is a widely accepted standard used by devices.
