How To Enable TLS 1.2 for Windows Server 2016

KC2022JAN-0951 61 Reputation points
2023-12-20T08:34:15.66+00:00

Refer to https://learn.microsoft.com/en-US/troubleshoot/sql/database-engine/connect/tls-1-2-support-microsoft-sql-server

I added the following:

  • [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2]
  • [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client] "DisabledByDefault"=dword:00000000 "Enabled"=dword:00000001
  • [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server] "DisabledByDefault"=dword:00000000 "Enabled"=dword:00000001

AWS Health Dashboard detects that the email sent from the server is still TLS 1.0.


Accepted answer
  1. abbodi86 4,031 Reputation points
    2023-12-21T00:58:06.5866667+00:00

    TLS 1.2 is already enabled by default since Windows 8

    .NET Framework probably needs these registry values to default to TLS 1.2

    Open a command prompt as administrator and run:

    reg add HKLM\SOFTWARE\Microsoft\.NETFramework\v4.0.30319 /f /v SystemDefaultTlsVersions /t REG_DWORD /d 1 /reg:64  
    reg add HKLM\SOFTWARE\Microsoft\.NETFramework\v4.0.30319 /f /v SystemDefaultTlsVersions /t REG_DWORD /d 1 /reg:32  
    reg add HKLM\SOFTWARE\Microsoft\.NETFramework\v4.0.30319 /f /v SchUseStrongCrypto /t REG_DWORD /d 1 /reg:64  
    reg add HKLM\SOFTWARE\Microsoft\.NETFramework\v4.0.30319 /f /v SchUseStrongCrypto /t REG_DWORD /d 1 /reg:32
    
    

    then reboot

    1 person found this answer helpful.

1 additional answer

  1. Anonymous
    2023-12-21T06:43:58.2266667+00:00

    Hello KC2022JAN-0951,

    Thank you for posting in Q&A forum.

    TLS 1.1 & TLS 1.2 are enabled by default on post Windows 8.1 releases. Prior to that they were disabled by default.

    I think "Enabled by default" means the key doesn't have to exist for it to be turned on.

    The following table displays the Microsoft Schannel Provider support of TLS protocol versions.
    [Image: table of Microsoft Schannel Provider support for TLS protocol versions]

    Reference:
    https://learn.microsoft.com/en-us/windows/win32/secauthn/protocols-in-tls-ssl--schannel-ssp-

    And here is a similar thread for your reference.
    https://social.technet.microsoft.com/Forums/en-US/cb1a695b-a15c-4fa7-94f0-1aaa20c1279d/enabling-tls-12-on-windows-server-2012-amp-2016

    Hope the information above is helpful.

    If you have any questions or concerns, please feel free to let us know.

    Best Regards,

    Daisy Zhou

    ============================================

    If the Answer is helpful, please click "Accept Answer" and upvote it.
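A read-only check of the registry values named in the question and in the accepted answer, added here as an example and not written by any of the posters. It reads the SCHANNEL TLS 1.2 Client/Server keys and the .NET Framework values in both the 64-bit and 32-bit registry views (the `/reg:64` and `/reg:32` targets above); the helper names `Get-RegDword` and `New-Row` are made up for this example, and the "Expected" column is simply the value this thread sets.

```powershell
# Added example: read-only audit of the registry values discussed in this thread.
# It changes nothing; run it in PowerShell on the server being checked.
function Get-RegDword {
    param([Microsoft.Win32.RegistryView]$View, [string]$SubKey, [string]$Name)
    $base = [Microsoft.Win32.RegistryKey]::OpenBaseKey(
        [Microsoft.Win32.RegistryHive]::LocalMachine, $View)
    try {
        $key = $base.OpenSubKey($SubKey)        # $null when the key is absent
        if ($null -eq $key) { return $null }
        try { return $key.GetValue($Name, $null) } finally { $key.Dispose() }
    } finally { $base.Dispose() }
}

function New-Row {
    param($Scope, $View, $SubKey, $Name, $Expected)
    $value = Get-RegDword -View $View -SubKey $SubKey -Name $Name
    # A missing value is not an error: the built-in default applies in that case.
    $status = if ($null -eq $value) { 'not set (default applies)' } elseif ($value -eq $Expected) { 'matches' } else { 'DIFFERS' }
    [pscustomobject]@{
        Scope = $Scope; View = $View; Name = $Name
        Value = $value; Expected = $Expected; Status = $status
    }
}

$rows = @()

# SCHANNEL protocol keys from the question. HKLM\SYSTEM is not redirected
# for 32-bit processes, so one registry view is enough here.
$schannel = 'SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2'
foreach ($role in 'Client', 'Server') {
    $rows += New-Row "SCHANNEL $role" Registry64 "$schannel\$role" 'Enabled' 1
    $rows += New-Row "SCHANNEL $role" Registry64 "$schannel\$role" 'DisabledByDefault' 0
}

# .NET Framework values from the accepted answer. HKLM\SOFTWARE is redirected,
# so 64-bit and 32-bit applications read separate copies; check both.
$dotnet = 'SOFTWARE\Microsoft\.NETFramework\v4.0.30319'
foreach ($view in 'Registry64', 'Registry32') {
    foreach ($name in 'SystemDefaultTlsVersions', 'SchUseStrongCrypto') {
        $rows += New-Row '.NET Framework 4.x' $view $dotnet $name 1
    }
}

$rows | Format-Table -AutoSize
```

A row reported as `DIFFERS` or as `not set` in only one of the two .NET views points to the 32-bit/64-bit copy that still needs the `reg add` command from the accepted answer.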
