What is the correct registry value to enable TLS v1.2 in Windows Server: 1 or 0xffffffff?

  • Question

  • We are enabling TLS v1.2 in our server builds using the registry. We are setting these registry keys to 1 to enable TLS v1.2:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server\Enabled

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client\Enabled

    The CIS benchmark recommends setting the value to 0xffffffff to enable TLS 1.2.

    Can someone please confirm whether this (0xffffffff) is a valid value to enable the protocol, and how it is different from a value of 1?



    Kranti Bhushan | MCSA 2003

    Tuesday, December 12, 2017 3:46 PM

Answers

  • This one might help.

    Registry path: HKLM SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols

    To disable the TLS 1.2 protocol, create an Enabled entry in the appropriate subkey. This entry does not exist in the registry by default. After you have created the entry, change the DWORD value to 0. To enable the protocol, change the DWORD value to 1.

    https://technet.microsoft.com/en-us/library/dn786418(v=ws.11).aspx



    Regards, Dave Patrick ....
    Microsoft Certified Professional
    Microsoft MVP [Windows Server] Datacenter Management

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.

    • Proposed as answer by Dave PatrickMVP Wednesday, December 13, 2017 1:58 PM
    • Unproposed as answer by Dave PatrickMVP Wednesday, December 13, 2017 2:00 PM
    • Marked as answer by kbniranjan Tuesday, December 19, 2017 7:41 AM
    Tuesday, December 12, 2017 4:20 PM
  • Thanks for your suggestion.

    We are already applying this setting as specified. My query is specific to setting the 0xffffffff value to enable TLS v1.2 as suggested in the CIS benchmark, and how it is different from setting a value of 1.

    Unsigned 0xffffffff (hex) = -1 (decimal), so it really isn't different; the end result is "enabled".




    Regards, Dave Patrick ....
    Microsoft Certified Professional
    Microsoft MVP [Windows Server] Datacenter Management

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.


    • Edited by Dave PatrickMVP Wednesday, December 13, 2017 2:05 PM
    • Proposed as answer by Dave PatrickMVP Monday, December 18, 2017 1:52 PM
    • Marked as answer by kbniranjan Tuesday, December 19, 2017 7:42 AM
    Wednesday, December 13, 2017 2:04 PM

All replies

  • Thanks for your suggestion.

    We are already applying this setting as specified. My query is specific to setting the 0xffffffff value to enable TLS v1.2 as suggested in the CIS benchmark, and how it is different from setting a value of 1.



    Kranti Bhushan | MCSA 2003

    Wednesday, December 13, 2017 7:32 AM
  • Hi,

    Technically speaking, any non-zero value would map to "Enabled".

    There is a similar thread to yours; please refer to it.

    https://social.technet.microsoft.com/Forums/windowsserver/en-US/36feef50-0500-4664-b6ab-935b4aad39ee/enable-schannel-protocols-eg-tls-12-dword-enabled-value-0x00000001-or-0xffffffff?forum=winserversecurity

    Best Regards

    Frank



    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, December 13, 2017 9:09 AM
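The two replies above make the same point from different angles: Schannel reads Enabled as a DWORD and treats any non-zero value as "enabled", so 1 and 0xffffffff behave the same, while a compliance scanner may still compare the literal value. The following PowerShell is an added example written for this page, not code from the thread or from Microsoft. It sets the Enabled value under the Server and Client subkeys named in the question, reads it back, and reports both the Schannel interpretation (non-zero = enabled) and a strict comparison against whatever literal a benchmark check expects. The function names and the $Expected parameter are my own; it assumes an elevated PowerShell session on Windows Server, and note that PowerShell parses the literal 0xFFFFFFFF as the Int32 -1, which is exactly the bit pattern the registry stores.

```powershell
# Added example: configure and verify the SCHANNEL TLS 1.2 "Enabled" DWORD.
# Requires an elevated session; changes take effect for new Schannel sessions
# (a reboot is the safe assumption for services that cache the setting).
$Tls12Base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2'

function Set-Tls12Enabled {
    param(
        [Parameter(Mandatory)][ValidateSet('Server', 'Client')][string] $Side,
        # 1 and 0xFFFFFFFF (which PowerShell parses as Int32 -1) both store a
        # non-zero DWORD; Schannel treats either as "enabled".
        [int] $Value = 1
    )
    $key = Join-Path -Path $Tls12Base -ChildPath $Side
    if (-not (Test-Path -Path $key)) {
        New-Item -Path $key -Force | Out-Null
    }
    New-ItemProperty -Path $key -Name 'Enabled' -Value $Value -PropertyType DWord -Force | Out-Null
}

function Get-Tls12State {
    param(
        [Parameter(Mandatory)][ValidateSet('Server', 'Client')][string] $Side,
        # Literal a benchmark/scanner check may insist on (hypothetical parameter,
        # e.g. -1 for 0xFFFFFFFF). $null means "accept any non-zero value".
        [AllowNull()][int] $Expected = $null
    )
    $key = Join-Path -Path $Tls12Base -ChildPath $Side
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue

    if ($null -eq $props -or $null -eq $props.PSObject.Properties['Enabled']) {
        return [pscustomobject]@{
            Side          = $Side
            Enabled       = $null
            Hex           = 'absent'
            SchannelState = 'not explicitly configured'
            StrictMatch   = $false
        }
    }

    # Get-ItemProperty returns a DWORD as Int32, so 0xFFFFFFFF comes back as -1.
    $v = [int] $props.Enabled
    [pscustomobject]@{
        Side          = $Side
        Enabled       = $v
        Hex           = '0x{0:X8}' -f $v            # -1 renders as 0xFFFFFFFF
        SchannelState = if ($v -ne 0) { 'enabled' } else { 'disabled' }
        # A scanner that compares the literal value would flag 1 when it wants
        # 0xFFFFFFFF even though Schannel behaves identically.
        StrictMatch   = if ($null -eq $Expected) { $v -ne 0 } else { $v -eq $Expected }
    }
}

# Usage: enable both sides with 1, then show how a strict 0xFFFFFFFF check sees it.
foreach ($side in 'Server', 'Client') {
    Set-Tls12Enabled -Side $side -Value 1
}
'Server', 'Client' | ForEach-Object { Get-Tls12State -Side $_ } | Format-Table -AutoSize
'Server', 'Client' | ForEach-Object { Get-Tls12State -Side $_ -Expected 0xFFFFFFFF } | Format-Table -AutoSize
```

Running the last two lines shows the practical difference the thread circles around: with Enabled = 1, SchannelState is "enabled" in both tables, but StrictMatch is $false in the second one because 1 is not the literal 0xFFFFFFFF. Whether that matters depends entirely on how the scan team's check is written, not on how Schannel behaves.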
  • Hi,
    Just checking in to see if the information provided was helpful. Please let us know if you would like further assistance.

    Best Regards,

    Frank

    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, December 18, 2017 9:14 AM
  • Thanks everyone for your suggestions.

    We have implemented the value 1 to enable TLS 1.2. Let's see whether it passes the security test or the scan team looks specifically for the 0xffffffff value.


    Kranti Bhushan | MCSA 2003

    Tuesday, December 19, 2017 7:44 AM