Server 2008 SP2 (Non R2) TLS 1.1 / 1.2

Question

I've been asked to look at a server for a customer as they are having trouble getting TLS 1.1 or 1.2 support to work. Their server integrates with a payment provider who will be requiring 1.2 soon.

According to Microsoft, this should be supported since they released update 4019276. https://support.microsoft.com/en-us/help/4019276/update-to-add-support-for-tls-1-1-and-tls-1-2-in-windows

However, Windows Update does not seem to list this update, and attempting to install manually just returns "The update does not apply to your system"

I'm at a loss as to why this update refuses to install.

Edit: Answering some questions from the first answer

• The update does not appear to be installed unless there's something broken causing it to not appear in Programs/Features
• The requirements for the update list only SP2 which is installed
• The customer is using IISCrypto to manage settings but this does not list 1.1 or 1.2 as an option.

Answer 1

Did you check if the update was maybe already installed (under installed updates)?

If you checked and it's not there: Are there dependencies unresolved? Also, when you tried to manually install it, did you download the right version? Check here: http://www.catalog.update.microsoft.com/search.aspx?q=kb4019276

Another thing is, that Windows Server 2008 does not activate TLS 1.2 by default just because it's installed (and yes that is a bad thing). Had to find this out the hard way.

You have to activate TLS support in the Registry. Luckily, there is a free tool for that, IISCrypto, which lets you set Protocols and Ciphers:

https://www.nartac.com/Products/IISCrypto

Finally just a hint: Win Server 2008 SP2 is reaching end of life in January 2020, so prepare for that.