Please let me know the steps to enable TLS 1.1 and TLS 1.2 on ADFS 2.0. I have followed the instructions mentioned in https://support.microsoft.com/en-us/help/3194197/considerations-for-disabling-and-replacing-tls-1.0-in-adfs. The following things were done:
1> Disabled SSL 3.0 and TLS 1.0 in the registry
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\
2> Enabled TLS 1.1 and TLS 1.2 in the registry
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\
3> Installed the .NET prerequisite patch
4> Installed the .NET patch
5> Made the registry changes for SchUseStrongCrypto
6> Rebooted the system
I still see that ADFS is trying to negotiate with SSL 3.0 while creating a Claims Provider Trust with another ADFS metadata URL. However, when I use IE and enable only TLS 1.1 and TLS 1.2, the negotiation is done via 1.2, which is expected.
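
A read-only way to confirm what steps 1, 2 and 5 actually left in the registry, as an added example that is not part of the original post. The `Client`/`Server` subkeys, the `Enabled`/`DisabledByDefault` values and the .NET Framework key paths are the standard SCHANNEL and .NET names and are assumptions here, since the post does not quote them; the script only reads values and is written for PowerShell 2.0.

```powershell
# Added example: read-only audit of the SCHANNEL and SchUseStrongCrypto settings.
# Nothing is modified. Key and value names below are not quoted in the post (assumed).
$schannel = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
$expected = @{ 'SSL 3.0' = $false; 'TLS 1.0' = $false; 'TLS 1.1' = $true; 'TLS 1.2' = $true }

function Get-RegValue([string]$Path, [string]$Name) {
    # Returns $null when the key or value is absent (the OS default then applies).
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name } else { $null }
}

$results = @()
foreach ($proto in $expected.Keys) {
    # Client = outbound connections (such as fetching federation metadata);
    # Server = inbound connections to this host. Each role has its own subkey.
    foreach ($role in 'Client', 'Server') {
        $key      = "$schannel\$proto\$role"
        $enabled  = Get-RegValue $key 'Enabled'
        $disabled = Get-RegValue $key 'DisabledByDefault'
        if ($expected[$proto]) {
            # Explicitly enabled: Enabled is non-zero and DisabledByDefault is 0.
            $ok = ($null -ne $enabled) -and ($enabled -ne 0) -and ($disabled -eq 0)
        } else {
            # Explicitly disabled: Enabled is 0. An absent value is reported as not confirmed.
            $ok = ($enabled -eq 0)
        }
        $results += New-Object PSObject -Property @{
            Setting = "$proto\$role"; Enabled = $enabled
            DisabledByDefault = $disabled; AsExpected = $ok
        }
    }
}

# AD FS 2.0 is built on .NET 3.5 (CLR v2.0.50727); v4.0.30319 is listed for completeness.
# Both the 64-bit and the 32-bit (Wow6432Node) views are read.
$roots = 'HKLM:\SOFTWARE\Microsoft\.NETFramework',
         'HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NETFramework'
foreach ($root in $roots) {
    foreach ($ver in 'v2.0.50727', 'v4.0.30319') {
        $v = Get-RegValue "$root\$ver" 'SchUseStrongCrypto'
        $results += New-Object PSObject -Property @{
            Setting = "$root\$ver SchUseStrongCrypto"; Enabled = $v
            DisabledByDefault = $null; AsExpected = ($v -eq 1)
        }
    }
}

$results | Sort-Object Setting |
    Format-Table Setting, Enabled, DisabledByDefault, AsExpected -AutoSize
```

Any row with `AsExpected` set to `False` is a setting that is missing or differs from what the steps intended, for that protocol, role or .NET runtime.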