How to disable TLS 1.0 on Windows Server 2012 having 4.5 .Net Framework using registry keys

Question

Can anyone provide a solution to disable TLS 1.0 as default protocol on Windows Server 2012 Standard with 4.5 .Net Framework installed on the machine. The application running on the server have target framework of .NET 4.5 and is making connection with another server which have only TLS 1.2 enabled.

I have tried setting the below Registries but it is still making call on TLS1.0:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client] "DisabledByDefault"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server] "Enabled"=dword:00000001 "DisabledByDefault"=dword:00000000

Microsoft's documentation site only list the fix in code by setting the Security protocol as below

System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls11 | SecurityProtocolType.Tls12;

But is there any way to achieve this via the registry?

Answer 1

For anyone with similar problems:

Open PowerShell run as administrator: [Net.ServicePointManager]::SecurityProtocol

Notice the response is Ssl3, Tls

Run the following 2 commands in PowerShell

Set-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\.NetFramework\v4.0.30319' -Name 'SchUseStrongCrypto' -Value '1' -Type DWord

Set-ItemProperty -Path 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NetFramework\v4.0.30319' -Name 'SchUseStrongCrypto' -Value '1' -Type DWord

Close PowerShell, reopen as admin, run: [Net.ServicePointManager]::SecurityProtocol

Now notice the output, the system will work without using this code System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls11 | SecurityProtocolType.Tls12;

Output is: Tls, Tls11, Tls12

Disable the Tls1 on the OS and it will negotiate Tls12 if available.