
I have Windows Server 2012 and everything I read says TLS 1.2 should be enabled by default. But when I go into

Regedit>HKEY_Local_Machine>System>SecurityProviders>SChannel>Protocols

the only key in there is SSL 2.0 and it only has a client subkey with disabledbydefault set to 1.

If TLS is enabled, shouldn't there be a TLS 1.2 key in there at least?

David Makogon
BSmith

1 Answer


The keys and values in that registry section are what you use to control SCHANNEL default values. If the key for TLS 1.2 is missing, the operating system will use its default value.

When it comes to security-related issues it's always best to specifically state your desired configuration in case default values change by the manufacturer. To do this you should set the appropriate keys as well as test the server.

Here is a nice MS page showing the necessary TLS registry entries for controlling TLS 1.2:

https://technet.microsoft.com/en-us/library/Dn786418.aspx

Bad Dos
  • Thanks that is really helpful! The OS using default values if no key is present is one thing I didn't know! I thought if it was enabled then there should be a key. – BSmith Jul 30 '15 at 13:08
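
The behaviour described in the answer, as an added example that is not part of the original post: the script below reports which SCHANNEL protocol keys exist (a missing key means the OS default applies) and then states TLS 1.2 explicitly. It assumes the standard `HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols` path and the `Enabled` / `DisabledByDefault` DWORD values; the function names `Get-SchannelProtocolState` and `Set-Tls12Explicit` are hypothetical.

```powershell
# Added example: run from an elevated PowerShell prompt.
$base      = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
$protocols = 'SSL 2.0', 'SSL 3.0', 'TLS 1.0', 'TLS 1.1', 'TLS 1.2'
$roles     = 'Client', 'Server'

# Report every protocol/role pair. A missing key or value is not "disabled":
# it means SCHANNEL falls back to the operating system's built-in default.
function Get-SchannelProtocolState {
    foreach ($p in $protocols) {
        foreach ($r in $roles) {
            $path  = Join-Path (Join-Path $base $p) $r
            $props = Get-ItemProperty -Path $path -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Protocol          = $p
                Role              = $r
                KeyPresent        = [bool](Test-Path $path)
                Enabled           = if ($null -ne $props.Enabled) { $props.Enabled }
                                    else { 'not set (OS default)' }
                DisabledByDefault = if ($null -ne $props.DisabledByDefault) { $props.DisabledByDefault }
                                    else { 'not set (OS default)' }
            }
        }
    }
}

# State the desired TLS 1.2 configuration explicitly for both roles,
# so it no longer depends on whatever the OS default happens to be.
function Set-Tls12Explicit {
    foreach ($r in $roles) {
        $path = Join-Path (Join-Path $base 'TLS 1.2') $r
        # Create the key only if absent, so existing values are not wiped.
        if (-not (Test-Path $path)) {
            New-Item -Path $path -Force | Out-Null
        }
        New-ItemProperty -Path $path -Name 'Enabled' -Value 1 `
            -PropertyType DWord -Force | Out-Null
        New-ItemProperty -Path $path -Name 'DisabledByDefault' -Value 0 `
            -PropertyType DWord -Force | Out-Null
    }
}

Get-SchannelProtocolState | Format-Table -AutoSize   # before: TLS 1.2 shows "not set"
Set-Tls12Explicit
Get-SchannelProtocolState | Format-Table -AutoSize   # after: TLS 1.2 is stated explicitly
```

SCHANNEL reads these values at startup, so reboot the server and then test it, as the answer recommends.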