Enable Schannel protocols (e.g. TLS 1.2) - DWORD "Enabled" value "0x00000001" or "0xFFFFFFFF"?

  • Question

  • I am working on a GPO that forces Schannel settings, such as which ciphers, hashing algorithms, and protocols are enabled, and also the cipher suite order.

    I'm using GPP registry settings to force most of the settings, but I'm seeing conflicting guidance on which DWORD value to use for enabling protocols.

    Some of the guidance I see says to use the DWORD "Enabled" with the "0x00000001" value to enable protocols such as TLS 1.0, 1.1, or 1.2.  Other guidance I'm seeing says to use the value "0xFFFFFFFF".  Which is it?  Or is it OS dependent?

    This GPO will be supporting Windows Server 2003 - 2012 R2.  I can use item-level targeting to have different values for different OSes, if necessary.

    Thank you in advance!

    Monday, July 18, 2016 8:26 PM


All replies