Add TLS to Windows server 2008, Exchange 2010 or IIS 7.5

With TLS 1.0 and 1.1 being deprecated, you may see the error SSL_ERROR_UNSUPPORTED_VERSION along with a message like this:

This website might not support the TLS 1.2 protocol, which is the minimum version supported by Firefox. Enabling TLS 1.0 and TLS 1.1 might allow this connection to succeed.

TLS 1.0 and TLS 1.1 will be permanently disabled in a future release.


To resolve this fault you need to enable TLS 1.2 on your server and reboot.

Enabling TLS 1.2

  1. Back up your registry; this is always a good idea!
  2. Open the registry editor
  3. Browse to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\
  4. Create a new key called TLS 1.2 if it does not exist
  5. Create 2 keys under TLS 1.2 called Client and Server
  6. Under each of the keys, Client and Server, create two DWORDs: DisabledByDefault and Enabled
  7. Set DisabledByDefault to a value of 0 and Enabled to a value of 1 under both the Client and Server keys (the same values as in the tls12.reg file below).
  8. Reboot

Alternatively you can copy the below into a file called tls12.reg and run the file as administrator.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001

Finally, run a final check using SSL Server Test; the test should show you that TLS 1.2 is active.
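
The registry values can also be checked locally on the server, which catches a mistyped key name or a wrong DWORD before you rely on the external scan. The following read-only PowerShell script is an added example, not part of the original post; it compares the Client and Server keys against the tls12.reg values above. The function name Get-Tls12RoleState is made up for this example, and the script is meant to be saved as a .ps1 file and run from an elevated prompt.

```powershell
# Added example: audit the SCHANNEL TLS 1.2 values described on this page.
# Read-only. Save as a .ps1 file and run it elevated on the server.
$base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2'

# Expected values, taken from the tls12.reg file on this page.
$expected = @{ DisabledByDefault = 0; Enabled = 1 }

function Get-Tls12RoleState {
    param([string]$Role)   # 'Client' or 'Server'
    $path = Join-Path $base $Role
    $result = New-Object PSObject -Property @{ Role = $Role; Status = 'OK'; Detail = '' }

    # A missing key means the role was never configured (step 5 skipped or misnamed).
    if (-not (Test-Path $path)) {
        $result.Status = 'MISSING'
        $result.Detail = "Key not found: $path"
        return $result
    }

    $props = Get-ItemProperty -Path $path
    $problems = @()
    foreach ($name in $expected.Keys) {
        $actual = $props.$name
        if ($null -eq $actual) {
            $problems += "$name is not set"
        } elseif ([long]$actual -ne $expected[$name]) {
            # [long] avoids an overflow if the DWORD was set to a large value.
            $problems += "$name is $actual, expected $($expected[$name])"
        }
    }
    if ($problems.Count -gt 0) {
        $result.Status = 'MISMATCH'
        $result.Detail = $problems -join '; '
    }
    return $result
}

$report = 'Client', 'Server' | ForEach-Object { Get-Tls12RoleState -Role $_ }
$report | Format-Table Role, Status, Detail -AutoSize

# Non-zero exit code lets a scheduled task or deployment script flag the server.
if ($report | Where-Object { $_.Status -ne 'OK' }) { exit 1 }
```

A status of OK for both roles only confirms the registry; the change takes effect after the reboot, and the SSL Server Test remains the check of what the server actually negotiates.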
