Activate TLS 1.2 under IIS 7.5

IIS 7.5 supports TLS 1.2 on Windows 7 and Windows Server 2008 R2, but the protocol has to be activated manually.

Before starting, we strongly recommend backing up the registry keys that you are going to edit.

Registry backup

To back up your registry keys, follow the instructions below:

  1. Open the editor via the start menu: Start > All programs > Accessories > Execute...
  2. Enter: regedit
  3. Once the application is launched go to the following key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders
  4. Right click on the key and choose the "Export" option
  5. Give a name to this registry file and click on "Save"

The original values are now saved. To restore them if needed, delete the key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders and double-click the exported file.

Activate TLS 1.2 under IIS 7.5

To enable the TLS 1.2 protocol under IIS 7.5, follow the instructions below:

  1. As for the backup, open the registry editor via the start menu: Start > All programs > Accessories > Execute...
  2. Enter: regedit
  3. Once the application is launched go to the following key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols
  4. If the "TLS 1.2" key does not exist, create it. To do this, right-click on the Protocols key and choose "New", then "key". This creates a new key. Rename it to "TLS 1.2".
  5. Once the TLS 1.2 key has been created, add two new keys inside it: the key "Server" and the key "Client".
    To do so, as for the creation of the TLS 1.2 key, right-click on TLS 1.2 and choose "New", then "key", then rename the new keys to "Server" and "Client".
  6. For each of the two new keys, "Client" and "Server", you will create 2 new values:
    • DisabledByDefault
    • Enabled
  7. Right-click on the "Client" key, choose "New", then "DWORD (32-bit) Value".
  8. Rename the new value to "DisabledByDefault".
  9. Right-click on DisabledByDefault and change the value. Make sure that the value is set to 1, with a hexadecimal base.
  10. Right-click on the "Client" key, choose "New", then "DWORD (32-bit) Value".
  11. Rename the new value to "Enabled".
  12. Right-click on DisabledByDefault and change the value. Make sure that it is set to 0, with a hexadecimal base.
  13. Repeat steps 6 to 12, but instead of working with the Client key, work with the Server key.
  14. Restart the server.

Now your server should be able to support the TLS 1.2 protocol.
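
To confirm the result after the restart, the following read-only PowerShell audit (an added example, not part of the original page or of any Microsoft tooling) reads the Client and Server subkeys named above and reports the values it finds. The function name Get-Tls12State is hypothetical; the state labels assume Schannel's documented semantics, under which a protocol counts as on when Enabled is nonzero and DisabledByDefault is 0.

```powershell
# Added example: read-only audit of the Schannel TLS 1.2 registry values.
# Written for PowerShell 2.0, the version shipped with Windows Server 2008 R2.
# Nothing is written to the registry.
$base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2'

function Get-Tls12State {   # hypothetical helper name
    param(
        [Parameter(Mandatory = $true)]
        [ValidateSet('Client', 'Server')]
        [string]$Role
    )

    $path = Join-Path $base $Role
    $enabled = $null
    $dbd = $null

    # A missing key or a missing value is reported as $null, never as 0.
    $props = if (Test-Path $path) { Get-ItemProperty -Path $path }
    if ($props) {
        if ($props.PSObject.Properties['Enabled']) { $enabled = $props.Enabled }
        if ($props.PSObject.Properties['DisabledByDefault']) { $dbd = $props.DisabledByDefault }
    }

    # Assumed semantics: on = Enabled nonzero AND DisabledByDefault 0.
    if (($null -eq $enabled) -and ($null -eq $dbd)) {
        $state = 'Not configured (OS default applies)'
    } elseif (($null -ne $enabled) -and ($enabled -eq 0)) {
        $state = 'Off'
    } elseif (($null -ne $dbd) -and ($dbd -ne 0)) {
        $state = 'Off by default'
    } elseif (($null -ne $enabled) -and ($null -ne $dbd)) {
        $state = 'On'
    } else {
        $state = 'Partially configured (one value missing)'
    }

    New-Object PSObject -Property @{
        Role = $Role; Enabled = $enabled; DisabledByDefault = $dbd; State = $state
    }
}

'Client', 'Server' | ForEach-Object { Get-Tls12State -Role $_ } |
    Select-Object Role, Enabled, DisabledByDefault, State |
    Format-Table -AutoSize
```

Run it from an elevated PowerShell prompt on the server; a State other than On for the Server role means IIS will not negotiate TLS 1.2 under the assumed semantics.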

Additional resources

  • IIS Crypto: Tool developed by Nartac that allows you to customize protocol and cipher support on Windows.