

Activate TLS 1.2 under IIS 7.5

Please note: the TLS 1.2 protocol has been mandatory since March 2020.

IIS 7.5 supports TLS 1.2 on Windows 7 and Windows Server 2008 R2, but the protocol has to be activated manually.

Before starting we strongly recommend a backup of the keys that are going to be edited in your registry.

Registry backup

To back up your registry keys, follow the instructions below:

  1. Open the editor via the start menu: Start > All programs > Accessories > Execute...

  2. Enter: regedit

  3. Once the application is launched go to the following key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders

  4. Right click on the key and choose the "Export" option

  5. Give a name to this registry file and click on "Save"

The original values are now saved. To restore them if needed, delete the key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders and double-click on the file you created.

Activate TLS 1.2 under IIS 7.5

To enable the TLS 1.2 protocol under IIS 7.5, follow the instructions below:

  1. As for the backup, open the registry editor via the start menu: Start > All programs > Accessories > Execute...

  2. Enter: regedit

  3. Once the application is launched, navigate to the following key:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols

  4. If the key "TLS 1.2" does not exist, create it. To do this, right-click on the "Protocols" key, choose "New", then "Key". This will create a new key. Rename it to "TLS 1.2".

  5. Once the TLS 1.2 key has been created, add two new keys inside it: the key "Server" and the key "Client".
    To do this, as for the creation of the TLS 1.2 key, right-click on TLS 1.2 and choose "New", then "Key", then rename the newly created keys to "Server" and "Client".

  6. For each of the two new keys created, "Client" and "Server", you will create 2 new values.
    • DisabledByDefault
    • Enabled

  7. Right-click on the "Client" key, choose "New", then "DWORD (32-bit) Value"

  8. Rename the new value to "DisabledByDefault"

  9. Right-click on DisabledByDefault and change its value. You need to make sure it is set to 0 in hexadecimal.

  10. Right-click on the "Client" key, choose "New", then "DWORD (32-bit) Value"

  11. Rename the new value to "Enabled"

  12. Right-click on Enabled and change its value. You need to make sure it is set to 1 in hexadecimal.

  13. Repeat steps 6 to 12, but instead of working with the Client key you will work with the Server key.

  14. Restart the server.

Now your server should be able to support the TLS 1.2 protocol.
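
The same backup and registry changes can be scripted and then read back for verification. The PowerShell below is an added example, not part of the original instructions; the backup file location is an assumption, and it must be run from an elevated prompt.

```powershell
# Added example: scripted equivalent of the regedit steps above, with a read-back check.
# Run from an elevated (administrator) PowerShell prompt.

$providers = 'HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders'
$tls12     = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2'
# Assumption: backup destination chosen for this example.
$backup    = Join-Path $env:USERPROFILE 'SecurityProviders-backup.reg'

# Registry backup: export the SecurityProviders key before anything is edited.
& reg.exe export $providers $backup /y | Out-Null
if ($LASTEXITCODE -ne 0) { throw 'Registry export failed; no changes were made.' }

# The two DWORD values the procedure sets under both Client and Server.
$wanted = @{ DisabledByDefault = 0; Enabled = 1 }

foreach ($role in 'Client', 'Server') {
    $key = Join-Path $tls12 $role
    # Create the key (and the "TLS 1.2" parent) only when it is missing,
    # leaving any existing key as it is.
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    foreach ($name in $wanted.Keys) {
        # -Force overwrites a value that already exists with the wrong data or type.
        New-ItemProperty -Path $key -Name $name -Value $wanted[$name] `
            -PropertyType DWord -Force | Out-Null
    }
}

# Read the values back and compare them with what the procedure requires.
$ok = $true
foreach ($role in 'Client', 'Server') {
    $props = Get-ItemProperty -Path (Join-Path $tls12 $role)
    foreach ($name in $wanted.Keys) {
        $actual = $props.$name
        if ($actual -ne $wanted[$name]) { $ok = $false }
        '{0}\{1} = {2} (expected {3})' -f $role, $name, $actual, $wanted[$name]
    }
}

if ($ok) {
    "TLS 1.2 values are in place. Backup saved to $backup. Restart the server to apply them."
} else {
    throw "TLS 1.2 values do not match. Restore from $backup if needed."
}
```

The script does not restart the server; the restart in step 14 is still required.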

Additional resources

  • IIS Crypto: Tool developed by Nartac that allows you to customize protocol and cipher support on Windows.