In this article, I will show you how to use TLS1.1 and TLS1.2 on Windows Server 2008.
Please note that I am not talking about Window Server 2008 R2.
About Service Pack
In order to use TLS 1.1 or higher on Windows Server 2008, you need to apply Service Pack 2. The following information is based on the assumption that Windows Server 2008 SP2 is used.
Applying the update program
Unfortunately, TLS1.1 and TLS1.2 cannot be used on Windows Server 2008 SP2 as is.
Therefore, you need to apply the update first.
Please obtain the update from the Microsoft website.
Even if you apply the update, TLS1.1 and TLS1.2 are disabled by default, so you need to change the registry.
Please add values to the following keys.
Key (maximum 4):.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server
Value (Every key has the same value.) Name: Disabled
Name: DisabledByDefault
Value: 0(DWORD value)
The reason why there are four separate keys is because there are two types, TLS1.1 and TLS1.2, and they are divided into Client and Server.
Client is added to the registry when TLS communication is performed as a client, such as when connecting to other web services from the target Windows Server 2008 SP2.
Server adds a registry when the target Windows Server 2008 SP2 performs TLS communication as a server, such as when providing web services.
コメント