Skip to main content
Kofax

TLS Version Configuration in Windows Server

  1. Last updated
  2. Save as PDF
Article # 3036156 - Page views: 84

Issue

How to determine which TLS versions are enabled/disabled on a Windows Server

 

Cause

Clients and servers must share at least one enabled TLS version to be able to communicate over HTTPS

 

Solution

TLS 1.0, 1.1, and 1.2 are enabled by default in Windows Server 2012, 2012 R2, 2016, 2019, and 2022.  

Therefore, it can be assumed that TLS 1.0, 1.1, and 1.2 are enabled unless it can be determined that one or more TLS versions have been disabled in the Windows Registry.
 

To determine if a TLS version has been disabled on the server:

  1. Run regedit.exe
     
  2. Navigate to \HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols
     
  3. If no subkeys are present, TLS 1.0, 1.1, and 1.2 are all enabled.
     
  4. If a subkey is present (example: TLS 1.0), expand it and select its Server subkey
     
  5. If the TLS version has been disabled, the DisableByDefault value will be 1 and the Enabled value will be 0
    Note-Icon.png

    To enable the TLS version, set the DisabledByDefault value to 0 and the Enabled value to 1
  6. Repeat for each TLS version subkey under the Protocols key
     

 

 

Level of Complexity 

Moderate

 

Applies to  

Product Version Build Environment Hardware
Kofax Front Office Server 4.3
4.1		 ALL ALL N/A
Kofax TotalAgility 7.9
7.8
7.7
7.6
7.5		 ALL ALL N/A
  1. Back to top
  • Was this article helpful?

Recommended articles

  1. Article type
    Topic
  2. Tags
    This page has no tags.