POODLE is a vulnerability in the SSLv3 protocol discovered by a Google team, so SSLv3 is no longer secure to use. Using TLS 1.2 is now recommended. This article will help you enable TLS in Windows Server 2008 R2 or later versions by editing the registry.

Step 1 – Backup Registry Settings

We strongly recommend taking a backup of the registry before making any changes. Use the link below to find the steps for exporting registry values.


Step 2 – Enable TLS 1.2 on Windows

You have two options for enabling the TLS versions on your system.

Option 1 – Merge Registry File

Download the Enable-TLS12-Windows.reg and Enable-TLS12-TLS11-Windows.reg files to your Windows system. Then right-click the file and click Merge.

Option 2 – Manually Update Registry

You can also do this by editing the registry manually.

2.1 Open the registry editor on your server by running 'regedit' in the Run window and navigate to the location below.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols

2.2 Add the TLS 1.1 and TLS 1.2 keys under Protocols. They will look like directories.


2.3 Now create two keys, Client and Server, under both TLS keys.

2.4 Now create the following DWORD values under each Server and Client key:

  DisabledByDefault [Value = 0]
  Enabled [Value = 1]


Step 3 – Disable TLS and SSL Older Versions

3.1 Open the registry editor on your server by running 'regedit' in the Run window and navigate to the location below.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols

3.2 Now change the DWORD values under Server and Client under the TLS 1.0, SSL 3.0 and older SSL version keys.

  DisabledByDefault [Value = 0]
  Enabled  [Value = 0]

After making all of the above settings, reboot your server.
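
Steps 1 to 3 can also be scripted and then checked before the reboot. The PowerShell below is an added example, not part of the original article or its downloadable .reg files; it writes the same values the steps give and reads them back. Assumptions: "SSL 2.0" is taken as the older SSL key, the backup file location is arbitrary, and the syntax is kept compatible with the PowerShell 2.0 that ships with Windows Server 2008 R2.

```powershell
# Added example: apply the SCHANNEL values from Steps 2 and 3, then read them back.
# Run from an elevated PowerShell session.
$schannel = 'SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL'
$base     = "HKLM:\$schannel\Protocols"

# Step 1: export the SCHANNEL key before changing it.
# The backup location is an assumption of this example.
$backup = Join-Path $env:TEMP 'schannel-backup.reg'
reg.exe export "HKLM\$schannel" $backup /y | Out-Null
if ($LASTEXITCODE -ne 0) { throw "Registry backup failed; nothing was changed." }

# Desired state, using the values given in the article.
# 'SSL 2.0' is this example's reading of "older SSL version keys".
$desired = @{
    'TLS 1.2' = @{ DisabledByDefault = 0; Enabled = 1 }
    'TLS 1.1' = @{ DisabledByDefault = 0; Enabled = 1 }
    'TLS 1.0' = @{ DisabledByDefault = 0; Enabled = 0 }
    'SSL 3.0' = @{ DisabledByDefault = 0; Enabled = 0 }
    'SSL 2.0' = @{ DisabledByDefault = 0; Enabled = 0 }
}

$report = foreach ($protocol in $desired.Keys) {
    foreach ($role in 'Client', 'Server') {
        $key = "$base\$protocol\$role"

        # Steps 2.2 and 2.3: create the protocol and role keys only if missing.
        # (New-Item -Force on an existing key would discard its current values.)
        if (-not (Test-Path -LiteralPath $key)) {
            New-Item -Path $key -Force | Out-Null
        }

        # Steps 2.4 and 3.2: write both DWORD values.
        foreach ($name in $desired[$protocol].Keys) {
            $value = $desired[$protocol][$name]
            New-ItemProperty -Path $key -Name $name -PropertyType DWord -Value $value -Force | Out-Null
        }

        # Read the key back so the table shows what is actually stored.
        $stored = Get-ItemProperty -LiteralPath $key
        New-Object PSObject -Property @{
            Protocol          = $protocol
            Role              = $role
            Enabled           = $stored.Enabled
            DisabledByDefault = $stored.DisabledByDefault
        }
    }
}

$report | Sort-Object Protocol, Role |
    Format-Table Protocol, Role, Enabled, DisabledByDefault -AutoSize
```

To undo the change, merge the exported schannel-backup.reg file and reboot.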
