IIS 7 and Above
IIS and TLS 1.2
Last post Nov 30, 2011 02:04 PM by satyenshah
Feb 13, 2009 04:42 PM|peaceable_whale|LINK
The Internet Explorer 8 in Windows 7 and Windows Server 2008 R2 seems to support
TLS 1.2. Does IIS 7.5 support TLS 1.2?
Feb 13, 2009 08:06 PM|Rovastar|LINK
Feb 14, 2009 03:35 AM|peaceable_whale|LINK
When I select "Use TLS 1.2" only in IE8 (all other SSL/TLS versions are unchecked), https://localhost/ cannot be displayed.
Feb 20, 2009 07:31 AM|Andrew Zhu - MSFT|LINK
Have you tried in IE7?
https://localhost/ cannot be displayed.
Is there any error message? What the log files tell?
Feb 20, 2009 08:02 PM|peaceable_whale|LINK
Windows 7 does not have IE7.
May 28, 2009 08:29 AM|jeremy_viegas|LINK
May 28, 2009 09:17 AM|peaceable_whale|LINK
Does the IIS of Windows 7 support the key? I have set the required key but Internet Explorer continues to report the connection error when only TLS 1.2 is enabled.
May 28, 2009 06:03 PM|anilr|LINK
I believe only the client side of schannel on win7/ws08r2 supports TLS 1.2, the server side of schannel does not.
Jul 18, 2009 08:46 AM|jeremy_viegas|LINK
Schannel server side support is available for TLS 1.2. In fact there is a test server here:
https://tls.woodgrovebank.com. Please follow the instructions from my previous post to enable TLS 1.2 and TLS 1.1. Also add a DWORD DisabledByDefault with value 0.
Jul 18, 2009 11:59 AM|peaceable_whale|LINK
Thanks! Adding DisabledByDefault=0 has succesfully enabled TLS 1.2 server support.
The Microsoft Interop Test Server is good. However, could the Team also make a SSL/TLS test page like
https://www.mikestoolbox.net/? That test page helps SSL/TLS client developer to debug their programs.
Jul 19, 2009 02:23 AM|steve schofield|LINK
Windows Server MVP - IIS
Log archival solution
Install, Configure, Forget
Aug 24, 2009 05:11 PM|jeremy_viegas|LINK
We'll look into updating the test server with something similar. Thanks for the suggestion.
Jun 27, 2010 05:49 AM|yngdiego|LINK
I found a blog article that has a PowerShell script that enables TLS 1.2 for client and server SCHANNEL communications.
Sep 22, 2011 04:01 PM|wappentake|LINK
Why is Windows 2008 sever R2 not listed in the "Applies To" list in the KB article? I assumed that this was because it supported TLS 1.1 and 1.1 by default.
Nov 10, 2011 04:33 AM|kaushilz|LINK
IIS 7 does not include support for TLS 1.2, in fact it relies on the Schannel component like any other microsoft product.
By Default it is disabled on the server. So, if you want to enable server side support, then add the registry keys as suggested in the KB article
Below is a snippet from the article:
Start Registry Editor (Regedt32.exe), and locate the following key in the registry.
To enable the use of the protocols that will not be negotiated by default (such as TLS 1.1 or TLS 1.2), change the DWORD value data of the DisabledByDefault value to 0x0 in each of the following registry keys under the Protocols key:
Nov 30, 2011 02:04 PM|satyenshah|LINK
I like this free tool from
nartac.com for disabling SSL 2.0 and enabling TLS 1.2. It has a one-click option for PCI compliance:
The tool also makes it simpler to protect against the September 2011
BEAST vulnerability by moving TLS/RC4 up to the top of the cipher list.