Enable TLS 1.2: How to do it on All Windows Versions
Learn to turn on this protocol on all Windows editions
7 min. read
Updated on
Read our disclosure page to find out how can you help Windows Report sustain the editorial team. Read more
Key notes
- TSL 1.2 is the immediate past internet security protocol, with the latest one being version 1.3.
- The security layer provides security and efficiency for client-server communications and data transfer.Â
- You can enable and check for the presence of the protocol on your computer and server in different ways.Â
Transport Layer Security (TLS 1.2), also known as Transport Layer Security, is an encryption protocol designed to keep users’ data safe when the data is transferred over a network. The TLS 1.2 protocol is similar to the SSL (Secure Sockets Layer).Â
Transport Layer Security (TLS 1.2) is mainly used by client-server applications to share data and information across a network without security breaches or information leaks.
It functions to provide confidentiality, authenticity, and integrity by employing certificates between the computer applications sharing information.
How can I check if TLS 1.2 is enabled?
Transport Layer Security was introduced in 1999 as an Internet Engineering Task Force and has since evolved, with TLS 1.2 introduced in 2008.Â
Transport Layer Security has two levels of operation: the TLS handshake protocol and the TLS record, and the TLS operates in the application layer.
TLS 1.2 is more than just an upgrade; it is an essential step to ensuring safe data sharing. Older versions of the Transport Layer Security have become susceptible to attacks and security breaches easily avoidable with TLS 1.2.Â
Ensure that the TLS version is updated to TLS 1.2. and TLS 1.2. is enabled on your system to protect your data.Â
TSL 1.2 and 1.3 are enabled by default on Windows 11. You can also read this piece to learn more about how the protocol works.
The quickest way to check whether TLS 1.2 is enabled on your computer is to search for the presence of the registry key. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client\Enabled
And its corresponding value, 1.
What is the command to check the TLS version in Windows?
- Press Windows + X.
- Select Windows Powershell.
- Enter the following command:
Get-TlsCipherSuite
. - Press Enter. Y
You can check the version of TLS 1.2 in Windows using the command: openssl s_client -connect www.google.com:443 -tls1_2
. You’ll be able to tell whether the version is supported if you get the certificate chain and handshake. Otherwise, you will get the handshake error message.
How do you check which TSL protocol is being used?
- Press Windows + R.
- Press Enter.
- In the Internet Properties window, click on the Advanced tab.
- Scroll to the bottom of the page and check which TLS protocol is reviewed.
There are different TLS protocols, with the latest being 1.3. You can view the currently used ones by noting which ones have checked boxes.
How do I enable TLS 1.2 on Windows?
- Enable TLS 1.2 on Windows 11
- Enable TLS 1.2 on Windows 10
- Enable TLS 1.2 on Windows 7
- Enable TLS 1.2 on Windows Server 2019
- Enable TLS 1.2 on Windows Server 2016
- Enable TLS 1.2 on Windows Server 2012 R2
1. Enable TLS 1.2 on Windows 11
- Click on Windows + R.
- Press Enter.
- In the Internet Properties window, click on the Advanced tab.
- Scroll down and check for the TSL protocol in use
- Select Apply.
- Close the browser window and relaunch your Google Chrome browser.
2. Enable TLS 1.2 on Windows 10
1. Open Google Chrome.
2. Press the Alt + F keys.
3. Click on Settings.
4. Go to Advanced.
5. Scroll down and select System.
6. Click on Open your computer’s proxy settings.
7. Press on Internet options and select Advanced.
8. Scroll down and click on security and tick the use TLS 1.2box.
9. Click OK.
10. Close the browser window and relaunch the browser.
On Windows 10, TLS 1.2 can be easily enabled via Internet Options, directly from the Google Chrome browser. The settings will take effect as soon as you restart your PC.
3. Enable TLS 1.2 on Windows 7
- Go to the status bar, and click on the Windows button. Click on Run.
- Type Regedit on the run page.
- Click OK to access the Registry editor.
- Clicking the OK button will give you access to Windows optionsÂ
- For Windows 7, enter this registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols
. - Click the Protocols folder, click on New and select Key from the drop-down menu.Â
- Once you complete step 5, a new folder named New Key #1 will be created.
- Rename the folder as TLS 1.2.
- Right-click the TLS 1.2 tab, and click on New.
- Select Key from the drop-down menu.
- Once step 7 is complete, a new folder will be created named New Key #1.
- Rename the folder as Client.
- Right-click the Client Key, click on New, and select DWORD (32-bit) Value from the drop-down list.Â
- Click on DWORD (32-bit) Value and a new file named “New Value #1”. Change the name to Disabledbydefault.Â
- Once all the steps have been completed, reboot your system to activate the changes.Â
4. Enable TLS 1.2 on Windows Server 2019
- Press the Windows+ R buttons to access Regedit.
- Press Enter.
- Navigate to
Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\
- Right-click the right pane, and click on New.
- Select Key.
- Name the new key TLS 1.2 and click on it.
- Click on New.
- Create a new key called Client.
- Right-click the client key and click on New.
- Select DWORD (32-bit) Value.
- Name the new file DWORD DisabledByDefault.
- Double-click it to open its properties
- Make sure the base is hexadecimal and the value is zero.
- Create another new DWORD file and name it Enabled.
- Double-click it to ensure that the base is hexadecimal and the value is one.
- Repeat the same steps for the server key using the exact words: DWORDS and Values.
- Close the registry.
- Restart the system.
5. Enable TLS 1.2 on Windows Server 2016
- First, open the Windows Start menu.
- Type Regedit in the search bar to open it.
- Make sure you backup your current registry before making any changes.
- In the registry, go to
Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols
- Right-click the empty right pane and click on New.
- Select Key.
- Name the new key TLS 1.2
- Right-click the empty right pane again and create two new keys named Client and Server.
- Select the Client key, click New, and select the DWORD (32-bit) value.
- Click the DWORD and rename it to DisabledByDefault.
- Right-click it, modify the base to hexadecimal and set the value to zero.
- Create another DWORD and name it enabled.
- Modify the base to hexadecimal and set the value to one.
- Repeat the same steps for the Server Key and create DWORDS with the same values.
- Close the registry and reboot your server.
6. Enable TLS 1.2 on Windows Server 2012 R2
- Launch the regedit.exe program.
- Enter the path:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v2.0.50727.
- Create a new entry named SystemDefaultTlsVersions.
- Set the DWORD value to one.
- Create another entry named SchUseStrongCrypto and set the DWORD value to one.
- Go to the path:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319
. - Create an entry and name it SystemDefaultTlsVersions.
- Set the DWORD value to one.
- Make the same changes to the 64 bits OS location:
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v2.0.50727
. - Please create a new entry, and name it SystemDefaultTlsVersions.
- Set the DWORD value to one.
- Create another entry and name it SchUseStrongCrypto with the DWORD value set to one.
- Go to
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319
. - Perform the same modifications as the earlier locations.
For more information about how to enable TLS on Windows Server, check out our dedicated article.
How can I upgrade from TLS 1.0 to TLS 1.2Â
- Search for Server from the top menu bar.
- From the list of options, select the server of your choice.
- Go to Server Management and select settings and packages.
- Click on the advanced tab and scroll down to the Nginx box.
- The TLS Versions will display a list of selected versions. Click on edit to make changes.
- Select your desired protocol depending on the requirements and click save changes.
Older TSL versions are less secure than the latest ones. So you can also read more about disabling the TSL 1.0 protocol. If your device runs the latest Windows version, version 1.3 will be present.
Sometimes, Windows 11 users can experience TSL errors. Our guide provides a comprehensive solution.
As earlier emphasized, TSL 1.3 is automatically enabled on modern Preview builds of Windows. As far as internet security deployment protocols go, TSL 1.3 is the standard. Its secure protocols are made in such a way as to facilitate endpoint-to-endpoint data transfer. That is, it provides an additional security layer for client-server communications.
The new protocol addresses most of the failings of previous versions, making cryptographic algorithms obsolete. As a result, the handshake protocol (client authentication) is greatly encrypted and enhanced.
In addition, TSL 1.3 sees a marked improvement in privacy. The implication is that the network’s visibility of your user details and information is severely limited.
Having made it this far in this article, you’re sure to have found multiple solutions to enabling the TSL 1.2 protocol on your computer. If you’ve found this article interesting and valuable, please share your experience in the comments below.
User forum
0 messages