question

RNA avatar image
0 Votes"
RNA asked LimitlessTechnology-2700 answered

Is TLS 1.x Enabled by default on Windows Server 2012/2016/2019?

Hello,



Is TLS 1.x enabled by default in Windows Server 2012/2016/2019?



If enabled, please explain how do we usually check for that?

I know that we can do that with tools like IIS Crypto but I need to check that either from the command line or from the registry.

If not enabled. Please explain how could we enable and test it?



Thanks

windows-serverwindows-server-iis
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

BruceZhang-MSFT avatar image
0 Votes"
BruceZhang-MSFT answered

Hi @RNA ,

If you have installed the latest system patch, TLS1.0, 1.1 and 1.2 both enabled on server by default. You can get this information from Microsoft docs.
144306-1.jpg

You can check it from control panel.
144372-2.jpg
144364-3.jpg

If you still want to check it from the registry, it may difficult to check because the registry is more used to disable a certain TLS version. You can refer to this docs.

In order to override a system default and set a supported (D)TLS or SSL protocol version to the Disabled by default state, create DWORD registry values named "Enabled" and "DisabledByDefault" with a non-zero value under the corresponding version-specific subkey.
In order to override a system default and set a supported (D)TLS or SSL protocol version to the Disabled state, create a DWORD registry value named "Enabled", with a value of zero, under the corresponding version-specific subkey.



If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


Best regards,
Bruce Zhang



1.jpg (164.2 KiB)
2.jpg (93.1 KiB)
3.jpg (86.0 KiB)
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

LimitlessTechnology-2700 avatar image
0 Votes"
LimitlessTechnology-2700 answered

Hi @RNA,

It is not enabled default. To enable the TLS 1.1 protocol, create an Enabled entry (in the Client or Server subkey) and change the value to 1 .

Update to enable TLS 1.1 and TLS 1.2 as default secure protocols in WinHTTP in Windows

https://support.microsoft.com/en-us/topic/update-to-enable-tls-1-1-and-tls-1-2-as-default-secure-protocols-in-winhttp-in-windows-c4bd73d2-31d7-761e-0178-11268bb10392

How to enable TLS 1.2 on clients
https://docs.microsoft.com/en-us/mem/configmgr/core/plan-design/security/enable-tls-1-2-client



--If the reply is helpful, please Upvote and Accept it as an answer--

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.