Windows Server: How to enable TLS with ease


Aleksandar Ognjanovic
by Aleksandar Ognjanovic
Editor
Loading Comments
Affiliate Disclosure

windows server

If you were wondering how to enable or disable TLS (Transport Layer Security) on Windows Server, you are at the right place. Transport Layer Security 1.0 isn’t supported since the last year so what you also want to do, besides enabling the latest TLS 1.2, is disabling TLS 1.0. It’s quite important to have the latest cryptographic protocol on your Windows Server and not outdated SSL and TLS 1.0.

Windows Server: How to disable TLS

1. Enable TLS 1.2

So, without further ado, follow these instructions to enable (and disable) TLS in Windows Server:

  1. If you are running Windows Server 2008, check this Microsoft’s article regarding the necessary update in order to enable TLS 1.2. Once you’ve installed updates, move to the steps below.
  2. Open Registry Editor.
  3. Since we are dealing with registry, we strongly suggest backing up the current Registry state. Misuse of the Registry might have detrimental effects on your system.
  4. Once we’ve dealt with that, follow this path:
    Computer\HKEY_LOCAL_MACHINE\SYSTEM\
    CurrentControlSet\Control\SecurityProviders\
    SCHANNEL\Protocols
  5. Right-click on the empty space in the right pane and choose New > Key.
  6. Name the new key TLS 1.2 and click to expand it.
  7. Again, click on the empty space in the right pane and add two new keys. Name the first one Client and the second one Server. It should look like this.regedit lts 1.2 enable windows server
  8. Now, select the Client key, right-click in the right pane and select New > DWORD (32-bit) Value.
  9. Name the DWORD DisabledByDefault, right-click on it and select Modify.
  10. Ensure that the Base is Hexadecimal and the value is 0 (zero).
  11. Create a new DWORD and name it Enabled.
  12. Ensure that the Base is, again, Hexadecimal and the Value is this time 1.
  13. Repeat this for the Server key with the exactly the same DWORDS and values.
  14. Close the Registry Editor and reboot your server.
  15. If you want to revert back to the initial settings, just restore the Registry state from the backup.

Looking for the best backup software for Windows servers? Here are the best options.


2. Disable TLS 1.0 and TLS 1.1

  1. Open Registry Editor.
  2. Navigate to
    Computer\HKEY_LOCAL_MACHINE\SYSTEM\
    CurrentControlSet\Control\SecurityProviders\
    SCHANNEL\Protocols
  3. Create a new key as already explained, and name it TLS 1.1. You can create the one named TLS 1.0 as well.
  4. Create the DWORD and name it Enabled.
  5. Set its value to 0 and confirm changes.
  6. And that’s it, you have disabled TLS 1.0 (TLS 1.1).

That’s how to enable or disable TLS on Windows Server. With those steps, TLS 1.2 is enabled and TLS 1.0 disabled with ease. Although, it’s not really necessary to do so.

RELATED STORIES YOU SHOULD CHECK OUT:

Was this page helpful?
Thanks for letting us know!
Get the most from your tech with our daily tips
Tell us why!