How to Enable TLS 1.2 and TLS 1.3 on Windows Server? (2024)

Growing trends in cyber attacks have pushed system administrators to implement more secure communication protocols to protect their assets and networks. TLS plays a vital role in that stack: it is a critical security protocol used to encrypt communications between clients and servers. TLS 1.3 is the latest version of the Transport Layer Security (TLS) protocol and offers many advantages over previous versions. TLS 1.2 is the most widely used version of the TLS protocol, but TLS 1.3 is gaining popularity. As a system administrator, you should enable TLS 1.2 and TLS 1.3 on your Windows Server to enhance the security of your infrastructure.

Why Should You Enable TLS 1.2 and TLS 1.3 on Windows Server?

As a Windows administrator, your duty is not only to look after the system’s health; it is also your responsibility to create a secure environment that protects your Windows systems from internal and external threats. TLS 1.2 and TLS 1.3 are the newest and most secure transport layer security protocols. As a system administrator, you should enable TLS 1.2 and TLS 1.3 on your Windows Server for the following reasons:

  1. Both TLS 1.2 and TLS 1.3 introduce new cryptographic suites that offer better security than the suites used in older TLS and SSL protocols.
  2. Both TLS 1.2 and TLS 1.3 are more resistant to man-in-the-middle attacks and simplify the handshake process, which makes it more difficult for attackers to eavesdrop on communications.
  3. TLS 1.3 simplifies the handshake process and removes unnecessary cryptographic overhead, which results in a faster connection time.

How to Enable TLS 1.2 and TLS 1.3 on Windows Server?

We have covered 3 different ways to enable TLS 1.2 and TLS 1.3 on your Windows Server in this post. You can choose any one of the three ways to enable TLS 1.2 and TLS 1.3 on your Windows Server depending on your technical and automation skills.

  1. Enable TLS 1.2 and TLS 1.3 manually using Registry
  2. Enable TLS 1.2 and TLS 1.3 using PowerShell Commands
  3. Enable TLS 1.2 and TLS 1.3 using CMD

Microsoft has clearly stated that it supports TLS 1.3 only on Windows 10 (version 1903 and later), Windows 11, Windows Server 2022, and later operating systems. No support will be provided for TLS 1.3 below Windows 10 22H2 and Windows Server 2022. The table below shows the Microsoft Schannel Provider support for each TLS protocol version.

Note: Windows 2019 does not support TLS 1.3.

TLS Protocols Supported by Windows Operating Systems:

| Windows OS | TLS 1.0 Client | TLS 1.0 Server | TLS 1.1 Client | TLS 1.1 Server | TLS 1.2 Client | TLS 1.2 Server | TLS 1.3 Client | TLS 1.3 Server |
|---|---|---|---|---|---|---|---|---|
| Windows Vista/Windows Server 2008 | Enabled | Enabled | Not supported | Not supported | Not supported | Not supported | Not supported | Not supported |
| Windows Server 2008 with Service Pack 2 (SP2) | Enabled | Enabled | Disabled | Disabled | Disabled | Disabled | Not supported | Not supported |
| Windows 7/Windows Server 2008 R2 | Enabled | Enabled | Disabled | Disabled | Disabled | Disabled | Not supported | Not supported |
| Windows 8/Windows Server 2012 | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Not supported | Not supported |
| Windows 8.1/Windows Server 2012 R2 | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Not supported | Not supported |
| Windows 10, version 1507 | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Not supported | Not supported |
| Windows 10, version 1511 | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Not supported | Not supported |
| Windows 10, version 1607/Windows Server 2016 Standard | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Not supported | Not supported |
| Windows 10, version 1703 | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Not supported | Not supported |
| Windows 10, version 1709 | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Not supported | Not supported |
| Windows 10, version 1803 | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Not supported | Not supported |
| Windows 10, version 1809/Windows Server 2019 | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Not supported | Not supported |
| Windows 10, version 1903 | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Not supported | Not supported |
| Windows 10, version 1909 | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Not supported | Not supported |
| Windows 10, version 2004 | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Not supported | Not supported |
| Windows 10, version 20H2 | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Not supported | Not supported |
| Windows 10, version 21H1 | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Not supported | Not supported |
| Windows 10, version 21H2 | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Not supported | Not supported |
| Windows Server 2022 | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled |
| Windows 11 | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled |

Method 1: Enable TLS 1.2 and TLS 1.3 manually using Registry

Let’s begin learning how to enable TLS 1.2 and TLS 1.3 manually using Windows Registry.

Time needed: 10 minutes

  1. Open regedit utility

    Open ‘Run’, type ‘regedit’ and click ‘OK’.

  2. Create New Key

    In Registry Editor, navigate to the path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols
    Create a new key by right-clicking on ‘Protocols’ –> New –> Key.

  3. Rename the Registry Key ‘TLS 1.2’

    Rename the registry key as ‘TLS 1.2’.

  4. Create One More Registry Key ‘Client’ underneath ‘TLS 1.2’

    Similar to the above step, create another key named ‘Client’ underneath ‘TLS 1.2’.

  5. Create New Item ‘DWORD (32-bit) Value’ Underneath ‘Client’, select ‘New’

    Create a new item by right-clicking on ‘Client’ and selecting ‘New’ –> DWORD (32-bit) Value.

  6. Rename the Item ‘DWORD (32-bit) Value’ to ‘DisabledByDefault’

    Name the item ‘DisabledByDefault’ with Hexadecimal value ‘0’.

  7. Create another item, ‘Enabled’ Underneath TLS 1.2

    Similarly, create another item, ‘Enabled’, with Hexadecimal value ‘1’.

  8. List of Items Created underneath ‘Client’

    After these steps, ‘Client’ contains the two registry items ‘DisabledByDefault’ and ‘Enabled’.

  9. Create ‘Server’ and corresponding Keys as in the case of ‘Client’

    Similar to the above steps, create a key ‘Server’ under ‘Protocols’ and create ‘DWORD (32-bit)’ and ‘Enabled’ as shown below.

    – HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server\Enabled with Hexadecimal value as ‘1’
    – HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server\DisabledByDefault with Hexadecimal value as ‘0’

  10. Enable TLS 1.3 on the Windows Server

    Similar to the above steps, create ‘DWORD (32-bit)’ and ‘Enabled’ items in the path below to enable TLS 1.3.

    Note: TLS 1.3 is supported in Windows 11 & Windows Server 2022 onwards.

    – HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HTTP\Parameters\EnableHTTP3 with Hexadecimal value as ‘1’

Method 2: Enable TLS 1.2 and TLS 1.3 on Windows Server using PowerShell Commands

Follow this simple procedure to enable TLS 1.2 and TLS 1.3 using PowerShell commands.

  1. Open PowerShell as Administrator

  2. Run the commands below to create the registry entries

```powershell
# TLS 1.2: create the Client key and its two DWORD values
New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client' -Force
New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client' -PropertyType 'DWORD' -Name 'DisabledByDefault' -Value '0'
New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client' -PropertyType 'DWORD' -Name 'Enabled' -Value '1'

# TLS 1.2: create the Server key and its two DWORD values
New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server' -Force
New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server' -PropertyType 'DWORD' -Name 'DisabledByDefault' -Value '0'
New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server' -PropertyType 'DWORD' -Name 'Enabled' -Value '1'

# TLS 1.3 (supported in Windows 11 & Windows Server 2022)
New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\services\HTTP\Parameters' -PropertyType 'DWORD' -Name 'EnableHttp3' -Value '1'
```

Before running the commands, you can see that no items exist underneath ‘Protocols’.

After running the commands, you can see that two keys have been created, ‘TLS 1.2’ & ‘TLS 1.3’. Underneath each protocol there are ‘Client’ & ‘Server’ keys, and inside them there are two items, ‘DisabledByDefault’ & ‘Enabled’.

Method 3: Enable TLS 1.2 and TLS 1.3 on Windows Server using native CMD

Follow this simple procedure to enable TLS 1.2 and TLS 1.3 using CMD commands.

  1. Open ‘Command Prompt’ as Administrator

  2. Run the commands below to create the registry entries

```bat
:: TLS 1.2: Client values
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client" /v DisabledByDefault /t REG_DWORD /d 0 /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client" /v Enabled /t REG_DWORD /d 1 /f

:: TLS 1.2: Server values
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server" /v DisabledByDefault /t REG_DWORD /d 0 /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server" /v Enabled /t REG_DWORD /d 1 /f

:: TLS 1.3 (supported in Windows 11 & Windows Server 2022)
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\HTTP\Parameters" /v EnableHttp3 /t REG_DWORD /d 1 /f
```
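
To check the result of any of the three methods, the read-only PowerShell audit below (an added example, not part of the original article) reports the Schannel values for TLS 1.2 and flags value names other than ‘Enabled’ and ‘DisabledByDefault’, such as a misspelled ‘DisableByDefault’. The function name Get-SchannelProtocolState and the use of build 20348 (Windows Server 2022) as the lower bound for TLS 1.3 are assumptions of this example.

```powershell
# Added example: read-only audit of the registry values created by Methods 1-3.
$Base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'

function Get-SchannelProtocolState {   # hypothetical helper name
    param([string[]]$Protocol = @('TLS 1.2'), [string[]]$Role = @('Client', 'Server'))
    foreach ($p in $Protocol) {
        foreach ($r in $Role) {
            $path  = "$Base\$p\$r"
            # A missing key is not an error: Schannel then falls back to the OS default.
            $key   = Get-Item -Path $path -ErrorAction SilentlyContinue
            $props = Get-ItemProperty -Path $path -ErrorAction SilentlyContinue
            $enabled = $props.Enabled
            $dbd     = $props.DisabledByDefault
            # Value names Schannel does not read here, e.g. the typo 'DisableByDefault'.
            $extra = @($key.Property) | Where-Object { $_ -and $_ -notin 'Enabled', 'DisabledByDefault' }

            $state = if ($null -eq $enabled -and $null -eq $dbd) {
                'Not configured (OS default applies)'
            } elseif ($null -eq $enabled -or $null -eq $dbd) {
                'Partially configured (one value missing)'
            } elseif ($enabled -eq 0) {
                'Disabled'
            } elseif ($dbd -ne 0) {
                'Enabled, but DisabledByDefault is set'
            } else {
                'Enabled'
            }

            [pscustomobject]@{
                Protocol          = $p
                Role              = $r
                Enabled           = $enabled
                DisabledByDefault = $dbd
                UnexpectedValues  = ($extra -join ', ')
                State             = $state
            }
        }
    }
}

Get-SchannelProtocolState | Format-List

# TLS 1.3: the article limits it to Windows 11 / Windows Server 2022 and later.
# Assumption: build 20348 (Windows Server 2022) is used as the lower bound.
$build = [Environment]::OSVersion.Version.Build
$http  = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\HTTP\Parameters' -ErrorAction SilentlyContinue
[pscustomobject]@{
    OSBuild          = $build
    MeetsTls13Build  = ($build -ge 20348)
    EnableHttp3Value = $http.EnableHttp3   # the value this article sets for TLS 1.3
}
```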

We hope this post will help you know how to enable TLS 1.2 and TLS 1.3 on your Windows Server to enhance the security of your infrastructure.

About the author

Arun KL

Arun KL is a cybersecurity professional with 15+ years of experience spanning IT infrastructure, cloud security, vulnerability management, Penetration Testing, security operations, and incident response. He is adept at designing and implementing robust security solutions to safeguard systems and data. Arun holds multiple industry certifications including CCNA, CCNA Security, RHCE, CEH, and AWS Security.

To know more about him, you can visit his profile on LinkedIn.

Leave a Reply

  1. It must be ‘DisabledBy Default' not ‘DisableBy Default' (missing d) like in no. 6.

    1. Thanks, for the correction! We really appreciate this.

  2. Thanks for the nice document. Is it a good practice to reset IIS after the change?

    1. Yes.

  3. Hi,
    you need to edit the example string that says "DisableByDefault" because it is actually "DisabledByDefault"
    Otherwise, very good documentation.

    Regards

    1. We will check it out. Thanks for the notification.

  4. In Step 6, the name of the value is misspelled:

    Rename the Item ‘DWORD (32-bit) Value’ to ‘DisableBy Default’

    It should be 'DisabledByDefault'.

    1. Thanks, Charis. Thanks for the correction! It’s corrected now.
