Share via

I want disable TLSv1.0 and use TLS 1.2 instead. win server 2012

rajanish tripathi 1 Reputation point
2021-01-20T05:49:40.76+00:00

I want disable TLSv1.0 and use TLS 1.2 instead.

but when i visit Registry location: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\

i am able to see only SSl2.0 then how i am able to use TLS 1.2 please suggest its live 2012 server58479-tls.jpg

Windows Server 2012
Windows Server 2012
A Microsoft server operating system that supports enterprise-level management, data storage, applications, and communications.
1,571 questions
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Hannah Xiong 6,266 Reputation points
    2021-01-20T06:13:22.327+00:00

    Hello,

    Thank you so much for posting here.

    Hope something here could be helpful.
    https://learn.microsoft.com/en-us/windows-server/security/tls/tls-registry-settings

    Best regards,
    Hannah Xiong

    ============================================

    If the Answer is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

  2. Hannah Xiong 6,266 Reputation points
    2021-01-21T05:47:46.493+00:00

    Hello,

    Thank you so much for your kindly reply.

    TLS 1.2 is enabled by default on 2012 & 2012 R2. Since we are not able to see TLS in regstry, we could manually create the necessary subkeys for TLS 1.2.

    IMPORTANT: As always and it’s worth repeating, you need to backup your current registry settings before attempting any of these changes on your servers. Below are the steps:

    1,Launch regedit.exe.

    2, In registry, go to:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols

    3, Create a new DWORD entry with a name TLS 1.2 and create another subkey Server.

    4, Under the subkey Server, create another DWORD Enabled with a value of 1.

    5, Still under the subkey Server, create a DWORD DisabledByDefault with a value of 0.

    6, You must create a subkey DisabledByDefault entry in the appropriate subkey (Client, Server) and set the DWORD value to 0 since this entry is set to 1 by default.

    7, Reboot the server and test.

    58957-1.png

    Best regards,
    Hannah Xiong

    ============================================

    If the Answer is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.