TLS Version Configuration in Windows Server
Article # 3036156 - Page views: 84
How to determine which TLS versions are enabled/disabled on a Windows Server
Clients and servers must share at least one enabled TLS version to be able to communicate over HTTPS
TLS 1.0, 1.1, and 1.2 are enabled by default in Windows Server 2012, 2012 R2, 2016, 2019, and 2022.
Therefore, it can be assumed that TLS 1.0, 1.1, and 1.2 are enabled unless it can be determined that one or more TLS versions have been disabled in the Windows Registry.
To determine if a TLS version has been disabled on the server:
- Run regedit.exe
- Navigate to \HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols
- If no subkeys are present, TLS 1.0, 1.1, and 1.2 are all enabled.
- If a subkey is present (example: TLS 1.0), expand it and select its Server subkey
- If the TLS version has been disabled, the DisableByDefault value will be 1 and the Enabled value will be 0
To enable the TLS version, set the DisabledByDefault value to 0 and the Enabled value to 1
- Repeat for each TLS version subkey under the Protocols key
Level of Complexity
|Kofax Front Office Server||4.3