Enable TLS 1.2 on Windows Server 2008 R2

Windows Server 2008 R2 come with IIS 7.5, latest supported TLS version is 1.1. Recently Google Chrome starting showing sites using TLS 1.0 and 1.1 as insecure.

To fix this, create a file tls12-enable.reg with following content

Now run a command promt (cmd.exe) as Administrator. Go to the folder where tls12-enable.reg is saved, run

Now reboot your server. Once server is back online, check if server is supporting TLS 1.2 using

https://www.ssllabs.com/ssltest/analyze.html

If TLS 1.2 is showing as enbaled, we can disable all older insecure protocols, for this, create a file disable.reg with following content

Start a command promt as user Administrator, navigate to folder where disable.reg is saved, run command

Reboot server. once server is back online, you will have all disabled protocols disabled. ssllabs will show Score A.

SSL Score A

Add a Comment

Your email address will not be published. Required fields are marked *