How to implement TLS 1.2 on Windows Server

Enabling TLS 1.2 on Windows servers involves the following steps:

1. Start by backing up the Registry: Open regedit and navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL. Go to File > Export and save the backup.

2. Disable TLS 1.0: Within the Protocols section, locate TLS 1.0 > Client and modify the Name Enabled to 0, effectively disabling TLS 1.0.
   Please refer to the accompanying images for visual assistance.

   TLS 1.0 > Client modify Enabled to 0

   

TLS 1.0 > Server modify Enabled to 0

1. Disable TLS 1.1: Follow similar steps as above for TLS 1.1.
   Within the TLS 1.1 > Client section, change the Name Enabled to 0, disabling

   

TLS 1.1. In the TLS 1.1 > Server section, modify the Name Enabled to 0, effectively disabling TLS 1.1.

1. Enable TLS 1.2: To enable TLS 1.2, modify the Enabled value to 1.
   Under TLS 1.2 > Client, set the Enabled value to 1 in the HexCode format (1 will be automatically converted to HexCode after saving).

In the TLS 1.2 > Server section, set the Enabled value to 1.

---

Related articles

https://trustzone.com/knowledge-base/how-to-disable-tls-1-0-and-tls-1-1-on-windows-server-2008-2016/

https://thesecmaster.com/how-to-disable-tls-1-0-and-tls-1-1-on-windows-server/

https://learn.microsoft.com/en-us/windows/win32/secauthn/protocols-in-tls-ssl--schannel-ssp-

Be careful while modifying the registry settings on servers or local systems