Enabling TLS 1.2 / IIS?

[Chiefcrowe]

Does anyone know how to enable this on IIS on Server 2008 R2?

I'm not sure why it's not enabled by default or at least in one of the default dialog boxes...

 

[Dahak]

It does not look like you can do it via the dialogs

http://blogs.msdn.com/b/kaushal/archive/2011/10/02/support-for-ssl-tls-protocols-on-windows.aspx

Have to it by the registry
http://support.microsoft.com/kb/245030

 

[ArisVer]

In Windows 7. Control Panel > Programs and Features > on the left "Turn Windows features on or off. It opens a tab where you can check the IIS.

Might be the same in R2.

 

[Chiefcrowe]

Thanks.. strange that you have to go with the registry method. Wonder why that is?
anyone know if it's different in 2012 R2? I don't have it to check..

It does not look like you can do it via the dialogs

http://blogs.msdn.com/b/kaushal/archive/2011/10/02/support-for-ssl-tls-protocols-on-windows.aspx

Have to it by the registry
http://support.microsoft.com/kb/245030

 

[smakme7757]

It can also be done via Group Policy, however there is a fantastic tool which can do it for you 🙂

https://www.nartac.com/Products/IISCrypto/

It also has inbuilt profiles for various "Best Practice" as well. If you use SSLLabs to gauge your setup then you will get an A almost without any work by just using the "Best practice" profile as long as your certificates are in order.

That's what I use on the IIS servers I administrate.

 

[Dahak]

In the msdn post it shows that it is enabled by default for 2012 / 2012 R2