1. Home
  2. Knowledge Base
  3. Web Server Configuration Guides
  4. Enabling TLS 1.2
  5. How to enable TLS 1.2 on Windows Server 2008/2016

How to enable TLS 1.2 on Windows Server 2008/2016

 

Note: IF you are running Windows Server 2008 you will need to download the following update before proceeding:

https://support.microsoft.com/en-us/help/3140245/update-to-enable-tls-1-1-and-tls-1-2-as-default-secure-protocols-in-wi

  1. In the Windows start menu, type regedit and open it

  2. We strongly recommend backing up your current registry before making any changes. This can be done by clicking File, then Export and the save the backup at a safe location

  3. Go to the following path: Computer\HKEY_LOCAL_MACHINE\SYSTEM\
    CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols



  4. Right-click on the empty space in the pane on the right side and choose New > Key

  5. Name the new key TLS 1.2

  6. Right-click the empty space on the right side again and add two new keys named Client and Server

  7. Select the Client key, right-click on the right side, and select New -> DWORD (32-bit) Value

  8. Name the DWORD DisabledByDefault, right-click on it, and select Modify. The base should be set to Hexadecimal and the value set to 0:



  9. Create a new DWORD with the name Enabled. The base should be set to Hexadecimal and the value set to 1

  10. Repeat the process for the Server key, creating the same DWORDS with the same values

  11. Exit the registry and reboot your server

If anything goes wrong, you can revert to your initial registry settings by double-clicking your registry backup file created in step 2.

You can check if your configuration is correct by looking up your site in our SSL Labs checker:

https://trustzone.ssllabs.com

In the Configuration section, you can see the protocols enabled for your site.

You can check which protocols are supported on a different version of Windows by following this link:

https://docs.microsoft.com/en-us/windows/win32/secauthn/protocols-in-tls-ssl–schannel-ssp-

Was this article helpful?