locked
Enable TLS 1.2 for RDP for Windows 10 RRS feed

  • Question

  • Hi,

    Does anyone know where I can find information on how to enable TLS 1.2 for RDP connections for Windows 10? I edited the "Require use of specific security layer for remote (RDP) connections", but it seems that it only enables up to TLS 1.0 

    Any help would be greatly appreciated.


    Tuesday, February 11, 2020 12:14 AM

Answers

  • HI
    1.do you want to remote access from one win10 to another win10 by using TLS 1.2?

    2"Does anyone know where I can find information on how to enable TLS 1.2 for RDP connections for Windows 10? "
    How To Enable TLS 1.2 on windows 10?
    https://www.youtube.com/watch?v=8q9qJzteBn8

    Please Note: Microsoft provides third-party contact information to help you find technical support. This contact information may change without notice. Microsoft does not guarantee the accuracy of this third-party contact information.<o:p></o:p>


    3."I edited the "Require use of specific security layer for remote (RDP) connections", but it seems that it only enables up to TLS 1.0 "
    yes.we need to  set it to TLS 1.0 if we want to use TLS 1.2 .
    Incorrect TLS is displayed when you use RDP with SSL encryption
    (Why "
    The setting of "Security Layer" for GPO "Require use of specific security layer for remote (RDP) connections" only can choose "SSL (TLS 1.0)".)
    https://support.microsoft.com/en-us/help/3097192/incorrect-tls-is-displayed-when-you-use-rdp-with-ssl-encryption


    Best Regards
    Andy YOU
    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.


    Tuesday, February 11, 2020 1:28 PM
  • HI
    4.“So the bug also applies to Windows 10 even though the article for "Incorrect TLS is displayed when you use RDP with SSL encryption "does not directly mention Windows 10?
    this link Incorrect TLS is displayed when you use RDP with SSL encryption
    is to explain Why "The setting of "Security Layer" for GPO "Require use of specific security layer for remote (RDP) connections" only can choose "SSL (TLS 1.0)" and it apply to any device which need to set below policy .
    Computer Policy \ Administrative Templates\Windows Components \Remote Desktop Services \remote desktop session host \security\require use of specific security layer for remote(RDP)connections

    5.By the way ,"Beginning with Windows 10, version 1607 and Windows Server 2016, SSL 2.0 and SSL 3.0 has been disabled by default".Meanwhile "Windows 8.1, Windows Server 2012 R2, Windows 10, Windows Server 2016, and later versions of Windows natively support TLS 1.2 for client-server communications".so TLS 1.2 on win10 is enabled by default.we can install wireshark on both local win10(client side)  and remote win10(sever side) then capture network packet to check if TLS1.2 is using .after i set "require use of specific security layer for remote(RDP)connections" to ssl on win10(server side).i verified it in my test lab like picture.

    Protocols in TLS/SSL (Schannel SSP)
    https://docs.microsoft.com/en-us/windows/win32/secauthn/protocols-in-tls-ssl--schannel-ssp-?redirectedfrom=MSDN


    Best Regards
    Andy YOU
    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.





    Wednesday, February 12, 2020 3:46 AM

All replies

  • HI
    1.do you want to remote access from one win10 to another win10 by using TLS 1.2?

    2"Does anyone know where I can find information on how to enable TLS 1.2 for RDP connections for Windows 10? "
    How To Enable TLS 1.2 on windows 10?
    https://www.youtube.com/watch?v=8q9qJzteBn8

    Please Note: Microsoft provides third-party contact information to help you find technical support. This contact information may change without notice. Microsoft does not guarantee the accuracy of this third-party contact information.<o:p></o:p>


    3."I edited the "Require use of specific security layer for remote (RDP) connections", but it seems that it only enables up to TLS 1.0 "
    yes.we need to  set it to TLS 1.0 if we want to use TLS 1.2 .
    Incorrect TLS is displayed when you use RDP with SSL encryption
    (Why "
    The setting of "Security Layer" for GPO "Require use of specific security layer for remote (RDP) connections" only can choose "SSL (TLS 1.0)".)
    https://support.microsoft.com/en-us/help/3097192/incorrect-tls-is-displayed-when-you-use-rdp-with-ssl-encryption


    Best Regards
    Andy YOU
    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.


    Tuesday, February 11, 2020 1:28 PM
  • So the bug also applies to Windows 10 even though the article for "Incorrect TLS is displayed when you use RDP with SSL encryption "does not directly mention Windows 10?
    Tuesday, February 11, 2020 4:18 PM
  • HI
    4.“So the bug also applies to Windows 10 even though the article for "Incorrect TLS is displayed when you use RDP with SSL encryption "does not directly mention Windows 10?
    this link Incorrect TLS is displayed when you use RDP with SSL encryption
    is to explain Why "The setting of "Security Layer" for GPO "Require use of specific security layer for remote (RDP) connections" only can choose "SSL (TLS 1.0)" and it apply to any device which need to set below policy .
    Computer Policy \ Administrative Templates\Windows Components \Remote Desktop Services \remote desktop session host \security\require use of specific security layer for remote(RDP)connections

    5.By the way ,"Beginning with Windows 10, version 1607 and Windows Server 2016, SSL 2.0 and SSL 3.0 has been disabled by default".Meanwhile "Windows 8.1, Windows Server 2012 R2, Windows 10, Windows Server 2016, and later versions of Windows natively support TLS 1.2 for client-server communications".so TLS 1.2 on win10 is enabled by default.we can install wireshark on both local win10(client side)  and remote win10(sever side) then capture network packet to check if TLS1.2 is using .after i set "require use of specific security layer for remote(RDP)connections" to ssl on win10(server side).i verified it in my test lab like picture.

    Protocols in TLS/SSL (Schannel SSP)
    https://docs.microsoft.com/en-us/windows/win32/secauthn/protocols-in-tls-ssl--schannel-ssp-?redirectedfrom=MSDN


    Best Regards
    Andy YOU
    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.





    Wednesday, February 12, 2020 3:46 AM
  • Thank you so much!
    Wednesday, February 12, 2020 4:08 PM