We want to support web browsers utilizing TLS 1.1 and 1.2, which have apparently been implemented by Microsoft, but are turned off by default.
So I went searching on Google and discovered some pages everyone seems to be following:
However! It doesn’t appear to be working for me. I have set both DWORD values for DisabledByDefault and Enabled for TLS 1.1 and 1.2. I can confirm my client is attempting to communicate with TLS 1.2, but the server only responds with 1.0. I’ve restarted IIS, but it didn’t change the situation.
Microsoft points out: “WARNING: The DisabledByDefault value in the registry keys under the Protocols key does not take precedence over the grbitEnabledProtocols value that is defined in the SCHANNEL_CRED structure that contains the data for an Schannel credential.”
Well, that’s very vague to me. I can’t find anywhere where SCHANNEL_CRED is defined or set; all I can determine is that it’s a structure defined in a Microsoft library. That’s my only guess for why this isn’t working, yet I can’t find enough information on it to determine if it is the true problem.
Reboot. Changes to Schannel settings do not take effect until the system is rebooted.
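An added example, not part of the original question or answer: a PowerShell sketch that audits the `Enabled` and `DisabledByDefault` values for the TLS 1.1 and 1.2 server keys, shows the last boot time so you can tell whether the change predates a reboot, and probes which protocol a listener actually negotiates. The function names and the host name are hypothetical, and the values `Enabled = 1` and `DisabledByDefault = 0` are assumed as the usual settings, since the question does not say which values were used.

```powershell
# Added example; function names are hypothetical. Run from an elevated prompt.
$base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'

function Get-SchannelServerProtocol {
    param([string[]]$Protocol = @('TLS 1.1', 'TLS 1.2'))
    foreach ($p in $Protocol) {
        $key = Join-Path $base "$p\Server"
        # A missing key or value means the operating system default applies.
        $v = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Protocol          = $p
            KeyExists         = Test-Path $key
            Enabled           = $v.Enabled
            DisabledByDefault = $v.DisabledByDefault
        }
    }
}

function Enable-SchannelServerProtocol {
    param([string[]]$Protocol = @('TLS 1.1', 'TLS 1.2'))
    foreach ($p in $Protocol) {
        $key = Join-Path $base "$p\Server"
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        New-ItemProperty -Path $key -Name Enabled -Value 1 -PropertyType DWord -Force | Out-Null
        New-ItemProperty -Path $key -Name DisabledByDefault -Value 0 -PropertyType DWord -Force | Out-Null
    }
}

function Test-TlsNegotiation {
    param([string]$HostName, [int]$Port = 443,
          [System.Security.Authentication.SslProtocols]$Protocol = 'Tls12')
    $tcp = New-Object System.Net.Sockets.TcpClient($HostName, $Port)
    try {
        # Certificate trust is ignored here: this probe checks protocol version only.
        $cb  = { $true } -as [System.Net.Security.RemoteCertificateValidationCallback]
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $cb)
        $ssl.AuthenticateAsClient($HostName, $null, $Protocol, $false)
        $ssl.SslProtocol   # protocol the server agreed to
    } catch {
        "Handshake offering $Protocol failed: $($_.Exception.Message)"
    } finally { $tcp.Close() }
}

Get-SchannelServerProtocol | Format-Table -AutoSize
"Last boot: $((Get-CimInstance Win32_OperatingSystem).LastBootUpTime)"
# Enable-SchannelServerProtocol                         # then reboot
# Test-TlsNegotiation -HostName 'server.example.test'   # placeholder host
```

If the audit shows the values set but the probe still fails after a reboot, the `grbitEnabledProtocols` warning quoted in the question is the next thing to check for the application in question.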