2

Do I need to enable TLS 1.0 in Windows Server 2008 R2, or is it enabled by default? I did search and found out that TLS 1.1 and 1.2 is supported but disabled by default. How about TLS 1.0?

I tried googling and wasn't able to find a concrete answer.

Katherine Villyard
  • 18,550
  • 4
  • 37
  • 59
Jach
  • 151
  • 1
  • 1
  • 4

2 Answers2

8

TLS 1.0 is enabled by default in Server 2008 R2.

Applies To: Windows 7, Windows 8, Windows 8.1, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, Windows Vista

[...]

This subkey controls the use of TLS 1.0.

Applicable versions: As designated in the Applies To list that is at the beginning of this topic.

Registry path: HKLM SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols

To disable the TLS 1.0 protocol, create an Enabled entry in the appropriate subkey. This entry does not exist in the registry by default. After you have created the entry, change the DWORD value to 0. To enable the protocol, change the DWORD value to 0xffffffff.

Source: http://technet.microsoft.com/en-us/library/dn786418.aspx

Community
  • 1
austinian
  • 1,729
  • 2
  • 15
  • 30
3

Check there: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols

You will see TLS 1.0\Client\ & TLS 1.0\Server.

In each folder create those two key:

DWORD DisabledByDefault:0 DWORD Enabled:1

You can do the same trick for TLS 1.1 or 1.2 if the keys are not there

yagmoth555
  • 16,758
  • 4
  • 29
  • 50
  • Thanks for quick response. But I have checked and the "TLS 1.0" key doesn't exist and yet my test to ONLY TLS enabled service is ok. That's why I am asking whether it is the case that TLS 1.0 is enabled by default. By the way, try to upvote but don't have enough reputation :) – Jach Dec 04 '14 at 03:56
  • It's enabled by default, but I thougth the registry would had been there – yagmoth555 Dec 04 '14 at 04:02
  • thanks again for quick response. Do you have a microsoft link to support that? I couldn't find such evidence with my limited ability in googling. Thanks. – Jach Dec 04 '14 at 04:07