With TLS 1.0 and 1.1 being deprecated, you may encounter the error SSL_ERROR_UNSUPPORTED_VERSION:
This website might not support the TLS 1.2 protocol, which is the minimum version supported by Firefox. Enabling TLS 1.0 and TLS 1.1 might allow this connection to succeed.
TLS 1.0 and TLS 1.1 will be permanently disabled in a future release.
To resolve this fault you need to enable TLS 1.2 on your server and reboot.
Enabling TLS 1.2
- Back up your registry; this is always a good idea!
- Open the registry editor
- Browse to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\
- Create a new key called TLS 1.2 if it does not exist
- Create 2 keys under TLS 1.2 called Client and Server
- Under each of the keys, Client and Server, create two DWORDs: DisabledByDefault and Enabled
- Make DisabledByDefault a Value of 0 and Enabled a value of 0 under both Client and Server Keys.
Alternatively you can copy the below into a file called tls12.reg and run the file as administrator.
```
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001
```
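Before rebooting, the registry can be checked locally against the values in tls12.reg (DisabledByDefault 0, Enabled 1). The following read-only PowerShell script is an added example, not part of the original post; the function name Test-Tls12Key is hypothetical, and the syntax is kept to what PowerShell 2.0 supports.

```powershell
# Added example: audit the SCHANNEL TLS 1.2 keys against the values in tls12.reg.
# Read-only; run in an elevated PowerShell session on the server.
$base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2'

# Expected values, taken from the .reg file on this page.
$expected = @{ DisabledByDefault = 0; Enabled = 1 }

function Test-Tls12Key {
    param([string]$Role)   # 'Client' or 'Server'

    $path = Join-Path $base $Role
    foreach ($name in $expected.Keys) {
        $actual = $null
        $state  = 'MissingKey'          # the Client/Server key itself is absent
        if (Test-Path $path) {
            $item = Get-ItemProperty -Path $path -Name $name -ErrorAction SilentlyContinue
            if ($item -eq $null) {
                $state = 'MissingValue' # key exists, DWORD was never created
            } else {
                $actual = $item.$name
                if ($actual -eq $expected[$name]) { $state = 'OK' } else { $state = 'Mismatch' }
            }
        }
        # One result row per (role, value) pair.
        New-Object PSObject -Property @{
            Role = $Role; Name = $name; Expected = $expected[$name]; Actual = $actual; State = $state
        }
    }
}

$results = 'Client', 'Server' | ForEach-Object { Test-Tls12Key $_ }
$results | Select-Object Role, Name, Expected, Actual, State | Format-Table -AutoSize

# Flag any row that is missing or differs from the .reg file.
if ($results | Where-Object { $_.State -ne 'OK' }) {
    Write-Warning 'TLS 1.2 SCHANNEL settings do not match tls12.reg.'
}
```

A row with State Mismatch and Actual 0 for Enabled means TLS 1.2 is still switched off for that role.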
Finally, run a check using SSL Server Test; the test should show you that TLS 1.2 is active.
1 thought on “Add TLS to Windows server 2008, Exchange 2010 or IIS 7.5”
In your step-by-step guide you have instructed a value of ‘0’ to be entered in the ‘Enabled’ value, yet in your copy/paste text below the step-by-step guide you have a value of 1 in the ‘Enabled’ line of text.
“7. Make DisabledByDefault a Value of 0 and Enabled a value of 0 under both Client and Server Keys.”
Thank you for this info, it worked, but only when I used the values from the copy/paste text.