Enable SCHANNEL Protocols in Windows Registry (Win7 & 2012R2) DisabledByDefault or Enabled?

2

I have enabled TLS 1.0/1.1/1.2 protocols on my local Win7 machine and 2012R2 server as well as disabled SSL 2.0/3.0 using the registry DWord value DisabledByDefault = 0 based on the following Microsoft support article: https://support.microsoft.com/en-us/kb/245030 (see SCHANNEL\Protocols subkey...)

But I noticed another TechNet article which seems to contradict this KB article by saying you should set the Enabled DWORD value = 0xffffffff for each Protocols subkey (Client or Server). https://technet.microsoft.com/en-us/library/dn786418.aspx

Which value should be used to properly enable the protocols and/or any of the other SCHANNEL settings like CipherSuites and Key Exchanges? Does one have more precedence over the other?

encryption
tls
authentication
cryptography
openssl
asked on Super User Oct 16, 2015 by xfitr2

1 Answer

2

To disable, use a value of 0.

To enable, use a value of 0xffffffff.

You can confirm which ciphers/protocols are enabled by using SSL Scan.

answered on Super User Oct 16, 2015 by k1DBLITZ • edited Oct 16, 2015 by k1DBLITZ
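
To see what is currently written under each protocol subkey before changing anything, the following read-only audit lists both values discussed above (`Enabled` and `DisabledByDefault`) for the Client and Server subkeys. It is an added example, not part of the original question or answer; the helper names `Get-SchannelValue` and `Format-Dword` are hypothetical, and the base path assumes the usual `HKLM` location of the `SCHANNEL\Protocols` key.

```powershell
# Added example: read-only audit of the SCHANNEL\Protocols values.
# Assumption: the key lives at its usual HKLM location.
$base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
$protocols = 'SSL 2.0', 'SSL 3.0', 'TLS 1.0', 'TLS 1.1', 'TLS 1.2'

function Get-SchannelValue {
    param([string]$Path, [string]$Name)
    # Returns $null when either the subkey or the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

function Format-Dword {
    param($Value)
    if ($null -eq $Value) { return '(not set)' }
    # Hex formatting shows 0xFFFFFFFF whether the DWORD is read back
    # as a signed (-1) or an unsigned (4294967295) integer.
    return '0x{0:X8}' -f $Value
}

$report = foreach ($proto in $protocols) {
    foreach ($role in 'Client', 'Server') {
        $path    = Join-Path (Join-Path $base $proto) $role
        $enabled = Get-SchannelValue -Path $path -Name 'Enabled'
        $dbd     = Get-SchannelValue -Path $path -Name 'DisabledByDefault'
        [pscustomobject]@{
            Protocol          = $proto
            Role              = $role
            Enabled           = Format-Dword $enabled
            DisabledByDefault = Format-Dword $dbd
            # True only when both values were explicitly written.
            BothSet           = ($null -ne $enabled) -and ($null -ne $dbd)
        }
    }
}

$report | Format-Table -AutoSize
```

Rows showing `(not set)` mean the value is absent from the registry, so the operating system default for that protocol applies.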

User contributions licensed under CC BY-SA 3.0