How to enable TLS 1.2 on Windows Server 2016

Enabling TLS 1.2 on Windows Server 2016: Step-by-Step Guide

TLS (Transport Layer Security) is a cryptographic protocol that provides secure communication over a network. Windows Server 2016 comes with TLS 1.0 and TLS 1.1 enabled by default. However, to enhance security and ensure compliance with industry standards, it is recommended to enable TLS 1.2. Enabling TLS 1.2 on Windows Server 2016 is a relatively straightforward process, and this step-by-step guide will walk you through the necessary configurations.

  1. Open the Registry Editor: Press the Windows key + R on your keyboard to open the Run dialog box. Type "regedit" and click OK to open the Registry Editor.

  2. Navigate to the TLS key: In the Registry Editor, navigate to the following path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols

  3. Create the TLS 1.2 key: Right-click on the "Protocols" folder and choose New > Key. Name the new key "TLS 1.2".

  4. Create the Client and Server subkeys: Right-click on the "TLS 1.2" key and create two new subkeys: "Client" and "Server".

  5. Enable the TLS 1.2 protocol: Under both the "Client" and "Server" subkeys, right-click and create a new DWORD (32-bit) Value. Name it "Enabled" and set its value to 1 to enable TLS 1.2.

  6. Disable previous TLS versions: To ensure the exclusive use of TLS 1.2, it is recommended to disable the previous versions. Under the same "Protocols" folder, locate the "TLS 1.0" and "TLS 1.1" keys and their "Client" and "Server" subkeys. Right-click on each subkey, create a new DWORD (32-bit) Value, and name it "DisabledByDefault". Set each value to 1 to disable TLS 1.0 and TLS 1.1.

  7. Restart the server: After making these changes, restart your Windows Server 2016 to apply the new configurations.
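
Registry steps 2 through 6 above as a PowerShell script with a read-back check, so the same change can be applied and reviewed on several servers. This is an added example, not part of the original guide; Set-SchannelValue and Get-SchannelProtocolState are hypothetical helper names, and the script assumes an elevated session and creates any protocol keys that do not exist yet.

```powershell
# Added example (not from the original guide). Run in an elevated PowerShell session.
$base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'

# Hypothetical helper: create <protocol>\<role> if missing, then write one DWORD.
function Set-SchannelValue {
    param([string]$Protocol, [string]$Role, [string]$Name, [int]$Value)
    $key = "$base\$Protocol\$Role"
    # Guard with Test-Path so an existing key and its other values are left in place.
    if (-not (Test-Path -Path $key)) { New-Item -Path $key -Force | Out-Null }
    New-ItemProperty -Path $key -Name $Name -Value $Value -PropertyType DWord -Force | Out-Null
}

# Hypothetical helper: read back both values for every protocol/role pair.
function Get-SchannelProtocolState {
    foreach ($proto in 'TLS 1.0', 'TLS 1.1', 'TLS 1.2') {
        foreach ($role in 'Client', 'Server') {
            $props = Get-ItemProperty -Path "$base\$proto\$role" -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Protocol          = $proto
                Role              = $role
                Enabled           = $props.Enabled            # empty = value not set
                DisabledByDefault = $props.DisabledByDefault  # empty = value not set
            }
        }
    }
}

foreach ($role in 'Client', 'Server') {
    # Step 5: Enabled = 1 under TLS 1.2\Client and TLS 1.2\Server.
    Set-SchannelValue -Protocol 'TLS 1.2' -Role $role -Name 'Enabled' -Value 1
    # Step 6: DisabledByDefault = 1 under TLS 1.0 and TLS 1.1, for both roles.
    foreach ($old in 'TLS 1.0', 'TLS 1.1') {
        Set-SchannelValue -Protocol $old -Role $role -Name 'DisabledByDefault' -Value 1
    }
}

# Review the result, then restart the server (step 7) so the settings are applied.
Get-SchannelProtocolState | Format-Table -AutoSize
```

In the read-back table, a row with DisabledByDefault = 1 and an empty Enabled column means the protocol is no longer offered by default but can still be used by an application that requests it explicitly; Schannel treats Enabled = 0 as the value that switches a protocol off.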

Configuring Windows Server 2016 for TLS 1.2 Security Protocol

Configuring Windows Server 2016 to use the TLS 1.2 security protocol is vital to ensuring secure communication and protecting sensitive data. By following these steps, you can configure Windows Server 2016 to utilize the TLS 1.2 protocol effectively.

  1. Open the Local Group Policy Editor: Press the Windows key + R on your keyboard to open the Run dialog box. Type "gpedit.msc" and click OK to open the Local Group Policy Editor.

  2. Navigate to the SSL Configuration settings: In the Local Group Policy Editor, navigate to the following path: Computer Configuration > Administrative Templates > Network > SSL Configuration Settings.

  3. Enable the TLS 1.2 protocol: Double-click on the "SSL Enforced Protocol" policy setting. In the properties window, select the "Enabled" option and check the box for "Transport Layer Security (TLS) 1.2". Click Apply and OK to save the changes.

  4. Disable previous TLS versions: To ensure the exclusive use of TLS 1.2, it is recommended to disable the previous versions. In the same "SSL Configuration Settings" folder, double-click on the "SSL Cipher Suite Order" policy setting. In the properties window, replace the existing list of cipher suites with the following cipher suite list: "TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256,TLS_CHACHA20_POLY1305_SHA256,TLS_AES_128_CCM_8_SHA256,TLS_AES_128_CCM_SHA256"

  5. Apply the changes: After making these changes, close the Local Group Policy Editor. It may be necessary to restart your Windows Server 2016 for the new configurations to take effect.

By following this step-by-step guide, you can easily enable and configure TLS 1.2 on your Windows Server 2016. Enabling TLS 1.2 enhances the security of your server, ensuring secure communication and protecting your valuable data.