Windows Server 2008 R2 – Enabling TLS 1.2 in Registry but Not Functioning

Tags: iis-7.5, tls, windows-server-2008-r2

Yes, I rebooted the server. Several times.

This actually affects both TLS 1.1 and 1.2. The only one currently working is 1.0.

I followed the instructions here: http://support.microsoft.com/kb/245030

I've double checked all the names and values; I've had someone else double check all the names and values.

[Screenshot: registry]

Both Qualys and IE confirm that 1.1 and 1.2 are not functioning for multiple (presumably all) HTTPS-enabled sites on the server.

Any ideas on how to further investigate this would be awesome.

Edit: More screenshots.

[Screenshot: registry2]

[Screenshot: windows-version]

Best Answer

To enable the system to use the protocols that will not be negotiated by default (such as TLS 1.1 and TLS 1.2), change the DWORD value data of the DisabledByDefault value to 0x0 in the following registry keys under the Protocols key:

SCHANNEL\Protocols\TLS 1.1\Client

SCHANNEL\Protocols\TLS 1.1\Server

SCHANNEL\Protocols\TLS 1.2\Client

SCHANNEL\Protocols\TLS 1.2\Server

Try adding that to both TLS 1.1 and 1.2 under the Server key like you have it in the Client keys.
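
The values named in the answer can be checked across all four keys in one pass, which makes a Client/Server mismatch like the one described visible immediately. This is an added example, not part of the original answer; the `-Fix` switch and the helper function are hypothetical names, the full `HKLM:\...` path is the standard Schannel location that the abbreviated `SCHANNEL\Protocols` paths sit under, and the `Enabled` value it reports is the other Schannel per-protocol DWORD, which the answer does not mention.

```powershell
# Added example: audit (and with -Fix, set) DisabledByDefault for TLS 1.1 / 1.2.
# Written for PowerShell 2.0, the version that ships with Windows Server 2008 R2.
param([switch]$Fix)   # hypothetical switch: without -Fix the script only reports

$base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'

function Get-DwordOrNull($path, $name) {
    # Returns the DWORD, or $null when the key or the value does not exist.
    if (-not (Test-Path $path)) { return $null }
    $item = Get-ItemProperty -Path $path -Name $name -ErrorAction SilentlyContinue
    if ($item) { return $item.$name }
    return $null
}

$report = foreach ($proto in 'TLS 1.1', 'TLS 1.2') {
    foreach ($role in 'Client', 'Server') {
        $key = Join-Path (Join-Path $base $proto) $role

        if ($Fix) {
            # Create the key if needed, then apply the change from the answer.
            if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
            New-ItemProperty -Path $key -Name 'DisabledByDefault' -Value 0 `
                -PropertyType DWord -Force | Out-Null
        }

        $dbd = Get-DwordOrNull $key 'DisabledByDefault'
        if ($null -eq $dbd)  { $status = 'DisabledByDefault not set' }
        elseif ($dbd -eq 0)  { $status = 'negotiated by default' }
        else                 { $status = 'NOT negotiated by default' }

        New-Object PSObject -Property @{
            Protocol          = $proto
            Role              = $role
            KeyExists         = (Test-Path $key)
            DisabledByDefault = $dbd
            Enabled           = (Get-DwordOrNull $key 'Enabled')  # reported only
            Status            = $status
        }
    }
}

# Hashtable order is not preserved in PowerShell 2.0, so fix the column order here.
$report | Select-Object Protocol, Role, KeyExists, DisabledByDefault, Enabled, Status |
    Format-Table -AutoSize
```

Run it from an elevated prompt. Schannel reads these values at startup, so a reboot is still needed after `-Fix` before retesting.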