0

These servers are running Windows server Datacenter 2016 on Azure.

As per the documentation, by default TLS 1.2 is enabled on Windows server Datacenter 2016 but when i checked the registry and registry keys related to TLS does not exist.

Then how can i enable TLS on this server

pl-jay
  • 111
  • 4
  • Which registry keys did you check? What do you want TLS for? RDP? SMB? WWW? What makes you believe tls is not enabled? – vidarlo Feb 15 '22 at 07:46
  • Computer\HKEY_LOCAL_MACHINE\SYSTEM\ CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols – pl-jay Feb 15 '22 at 07:51
  • Using TLS for both RDP and WWW – pl-jay Feb 15 '22 at 07:52
  • Since there aren't any registry keys related to TLS, i guessed it TLS not enabled – pl-jay Feb 15 '22 at 07:54
  • 1
    Your question doesn't make a lot of sense. TLS's isn't something that is just "on" you need to configure it for whatever service you need it for. If you want it for IIS then you need to install a cert and enable it for your web app, for RDP you need to configure a cert in the cert store and configure IIS to use it. You need to go look at the services you want to run and understand how TLS works with those services. Looking for a registry key is not going to help you. – Sam Cogan Feb 15 '22 at 08:20
  • @SamCogan i guess i misunderstood what TLS means, so then what i need to do is enable for web app which hosted on iis. Right – pl-jay Feb 15 '22 at 10:53
  • Try stating what you are doing that isn't working. – Greg Askew Feb 15 '22 at 11:11
  • @pl-jay You want to serve the web page over https? – vidarlo Feb 15 '22 at 12:58
  • Does this answer your question? [Checking TLS 1.2 enabled or not on my Windows Server](https://serverfault.com/questions/1041384/checking-tls-1-2-enabled-or-not-on-my-windows-server) – vidarlo Mar 02 '22 at 07:29

1 Answers1

2

On Windows Server 2016, if there are no specific Registry values for TLS 1.2, it means it is enabled for both server and client purposes. There is nothing you need to do.

You need registry entries to turn it off.

You can have registry to have it on, but if they are not there, it is on by default.

Peter Hahndorf
  • 14,058
  • 3
  • 41
  • 58