We want to support web browsers utilizing TLS 1.1 and 1.2, which has been apparently implemented by Microsoft, but is turned off by default.
So I went searching on Google and discovered some pages everyone seems to be following:
http://support.microsoft.com/kb/245030
https://www.derekseaman.com/2010/06/enable-tls-12-aes-256-and-sha-256-in.html
However! It doesn't appear to be working for me. I have set both DWORD vaules for DisabledByDefault and Enabled for TLS 1.1 and 1.2. I can confirm my client is attempting to communicate with TLS 1.2, but the server only responds with 1.0. I've restarted IIS, but it didn't change the situation.
Microsoft points out: "WARNING: The DisabledByDefault value in the registry keys under the Protocols key does not take precedence over the grbitEnabledProtocols value that is defined in the SCHANNEL_CRED structure that contains the data for an Schannel credential."
Well, that's very vague to me. I can't find anywhere where SCHANNEL_CRED is defined or set, all I can determine that it's a structure defined in a Microsoft library. That's my only guess for why this isn't work, yet I can't find enough information on it to determine if it is the true problem.
Best Answer
Reboot. Changes to Schannel settings do not take effect until the system is rebooted.