none
gpo keys not supported in win2k3, what happens when adding win2k8r2+ only keys?

    Question

  • GPO: enable tls 1.0, 1.1 and 1.2 via schannel registry key. Only tls 1.0 will work in win2k3 since this os does not support 1.1 or 1.2. However if you have a gpo to create the registry keys, 1.1 and 1.2 would be created along with 1.0. What does win2k3 due to these keys, ignore them or attempt and fail at 1.1/1.2tls which are not supported?

    is gpo appropriate? The IE setting is different where you can set it for "current users". Schannel is for changing apps/programs and the protocols they support. Thanks for feedback.


    specifically this is an example where you enable tls 1 - 1.2, just concerned how win2k3 servers would react.

    links for my resources:

    http://tecadmin.net/enable-tls-on-windows-server-and-iis/

    http://blogs.msdn.com/b/kaushal/archive/2011/10/02/support-for-ssl-tls-protocols-on-windows.aspx

    http://jackstromberg.com/2013/09/enabling-tls-1-2-on-iis-7-5-for-256-bit-cipher-strength/

    https://support.microsoft.com/en-us/kb/245030

    • Edited by xxjergerxx Saturday, April 11, 2015 1:02 PM
    Saturday, April 11, 2015 2:55 AM

Answers

All replies