Enabling TLS 1.2 configuration

To ensure the proper functioning of the Tenant and its associated operations, it is essential to enable TLS 1.2 settings in windows 2016 and 2019 servers. In windows 2022, TLS 1.3 is enabled by default..

To enable only TLS 1.2 Configuration:

  1. Enable only TLS 1.2 in registry.

    • [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0]

    • [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Client]

      "DisabledByDefault"=dword:00000001
      "Enabled"=dword:00000000

    • [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server]

      "DisabledByDefault"=dword:00000001
      "Enabled"=dword:00000000

    • [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0]

    • [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Client]

      "DisabledByDefault"=dword:00000001
      "Enabled"=dword:00000000

    • [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server]

      "DisabledByDefault"=dword:00000001
      "Enabled"=dword:00000000

    • [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0]

    • [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client]

      "DisabledByDefault"=dword:00000001
      "Enabled"=dword:00000000

    • [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server]

      "DisabledByDefault"=dword:00000001
      "Enabled"=dword:00000000

    • [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1]

    • [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client]

      "DisabledByDefault"=dword:00000001
      "Enabled"=dword:00000000

    • [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server]

      "DisabledByDefault"=dword:00000001
      "Enabled"=dword:00000000

    • [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2]

    • [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client]

      "DisabledByDefault"=dword:00000000
      "Enabled"=dword:00000001

    • [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server]

      "DisabledByDefault"=dword:00000000
      "Enabled"=dword:00000001

  2. Create schcryptokey under .NETFramework key in registry.

  3. To create schcryptokey using PowerShell run the following commandlets:

    •  reg add HKLM\SOFTWARE\Microsoft\.NETFramework\v4.0.30319 /v SchUseStrongCrypto /t REG_DWORD /d 1 /reg:64

    • reg add HKLM\SOFTWARE\Microsoft\.NETFramework\v4.0.30319 /v SchUseStrongCrypto /t REG_DWORD /d 1 /reg:32

  4. After creating schcryptokey restart the server.