Enable TLS 1.1 and TLS 1.2 for ADFS 2.0 on Windows 2008 R2 SP1

  • Question

  • Please let me know the steps to enable TLS 1.1 and TLS 1.2 on ADFS 2.0. I have followed the instructions mentioned in https://support.microsoft.com/en-us/help/3194197/considerations-for-disabling-and-replacing-tls-1.0-in-adfs. The following things were done:

    1> Disabled SSL 3.0 and TLS 1.0 from registry

    HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\

    2> Enabled TLS 1.1 and TLS 1.2 from registry

    HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\

    3> Installed the .NET prerequisite patch

    4> Installed the .NET patch

    5> Made the registry changes for SchUseStrongCrypto

    6> Rebooted the system

    I still see that ADFS is trying to negotiate with SSL 3.0 while creating a Claims Provider Trust with another ADFS metadata URL. However, when I use IE and enable only TLS 1.1 and TLS 1.2, the negotiation is done via 1.2, which is expected.

    Wednesday, April 19, 2017 9:20 AM
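A read-only check of the settings named in steps 1, 2 and 5, added here as an example and not part of the original post. The protocol subkey names (`Client`, `Server`), the `Enabled`/`DisabledByDefault` values and the four .NET Framework key paths are assumptions based on the standard Windows registry layout; the post itself gives only the `Protocols\` parent key and the `SchUseStrongCrypto` value name.

```powershell
# Read-only audit of SCHANNEL protocol and .NET strong-crypto settings (added example).
# Subkey and value names are assumed from the standard Windows layout, not from the post.
$base   = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
$legacy = 'SSL 3.0', 'TLS 1.0'
$modern = 'TLS 1.1', 'TLS 1.2'

function Get-RegValue($Path, $Name) {
    # Returns $null when the key or the value does not exist
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name } else { $null }
}

# The Client subkey governs outbound connections; Server governs inbound ones.
$schannel = foreach ($p in ($legacy + $modern)) {
    foreach ($r in 'Client', 'Server') {
        $key = Join-Path (Join-Path $base $p) $r
        New-Object PSObject -Property @{
            Protocol          = $p
            Role              = $r
            Enabled           = Get-RegValue $key 'Enabled'   # any non-zero value means enabled
            DisabledByDefault = Get-RegValue $key 'DisabledByDefault'
        }
    }
}
$schannel | Select-Object Protocol, Role, Enabled, DisabledByDefault | Format-Table -AutoSize

# SchUseStrongCrypto is read per .NET runtime version and per registry view (64-bit and 32-bit).
$netKeys = 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v2.0.50727',
           'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319',
           'HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v2.0.50727',
           'HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319'
foreach ($k in $netKeys) {
    '{0}  SchUseStrongCrypto = {1}' -f $k, (Get-RegValue $k 'SchUseStrongCrypto')
}

# Windows Server 2008 R2 defaults: SSL 3.0 / TLS 1.0 are on when no value is set,
# TLS 1.1 / TLS 1.2 are off until explicitly enabled. Flag rows that fall back to those defaults.
$findings = $schannel | Where-Object {
    if ($legacy -contains $_.Protocol) { $_.Enabled -ne 0 }
    else { (-not $_.Enabled) -or ($_.DisabledByDefault -ne 0) }
}
if ($findings) {
    $findings | ForEach-Object {
        'REVIEW: {0} {1} (Enabled={2}, DisabledByDefault={3})' -f `
            $_.Protocol, $_.Role, $_.Enabled, $_.DisabledByDefault
    }
}
```

An empty `Enabled` or `SchUseStrongCrypto` column means the value is absent and the operating system or runtime default applies.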