Enable TLS 1.1 and TLS 1.2 on Windows Server 2008 R2 and IIS 7.5 – AdminHorror

Enable TLS 1.1 and TLS 1.2 on Windows Server 2008 R2 and IIS 7.5.

Enable TLS 1.1 and TLS 1.2 on Windows Server 2008 R2 and IIS 7.5

  1. Please backup your registry.
  2. Start the registry editor (regedit)
  3. Browse to the following registry key:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols
  4. Add the following keys: 
    TLS 1.1 and TLS 1.2
  5. Within each of the TLS 1.1 and TLS 1.2 keys (they look like folders), add these keys:Client and Server
  6. Within each of the Client and Server keys, create the following DWORD values:
    • DisabledByDefault with a value of 0
    • Enabled with a value of 1
  7. Reboot the server.

You should now have registry settings that look like:
TLS 1.2 Registry Settings

I tested the new settings by configuring Internet Explorer 9 to only use TLS 1.2 and connected to a secure page on one of the websites on my server. Here is where you configure IE9 to do this:
IE9 SSL/TLS Settings

Do your customers a favor (and thus yourself) by allowing them to use a more secure version of SSL/TLS on your website. Configure your IIS server to use TLS 1.1 and TLS 1.2. Hopefully all web browsers will support these versions in the very-near future – but at least Internet Explorer 9 already does.

Advertisements