I have enabled TLS 1.0/1.1/1.2 protocols on my local Win7 machine and 2012R2 server as well as disabled SSL 2.0/3.0 using the registry DWord value DisabledByDefault = 0 based on the following Microsoft support article: https://support.microsoft.com/en-us/kb/245030 (see SCHANNEL\Protocols subkey...)
But I noticed another TechNet article which seems to contradict this KB article by saying you should set the Enabled DWORD value = 0xffffffff for each Protocols subkey (Client or Server). https://technet.microsoft.com/en-us/library/dn786418.aspx
Which value should be used to properly enable the protocols and/or any of the other SCHANNEL settings like CipherSuites and Key Exchanges? Does one have more precedence over the other?
To disable, use a value of 0, like this:
To enable, use a value of 0xffffffff, like this:
You can confirm which ciphers/protocols are enabled by using SSL Scan.
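To see which of the two values is actually set on a machine before changing anything, a read-only PowerShell audit can list Enabled and DisabledByDefault for every protocol and role. This is an added example, not part of the original question or answer; the full HKLM key path and the protocol list are assumptions based on the standard SCHANNEL layout, and the state column reads Enabled the way the answer does (0 disables, a non-zero value such as 0xffffffff enables).

```powershell
# Added example: read-only audit of the SCHANNEL\Protocols values discussed above.
# Assumption: the standard key location under HKLM and these protocol subkey names.
$root      = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
$protocols = 'SSL 2.0', 'SSL 3.0', 'TLS 1.0', 'TLS 1.1', 'TLS 1.2'
$roles     = 'Client', 'Server'

function Get-SchannelDword {
    param([string]$Path, [string]$Name)
    # $null means the key or the value is absent, so the OS default applies.
    if (-not (Test-Path -LiteralPath $Path)) { return $null }
    $item = Get-ItemProperty -LiteralPath $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

function Format-Dword {
    param($Value)
    if ($null -eq $Value) { return '(not set)' }
    # Hex output shows 0xffffffff the same way whether it was read as signed or unsigned.
    return '0x{0:x8}' -f $Value
}

$report = foreach ($protocol in $protocols) {
    foreach ($role in $roles) {
        $path    = Join-Path (Join-Path $root $protocol) $role
        $enabled = Get-SchannelDword -Path $path -Name 'Enabled'
        $dbd     = Get-SchannelDword -Path $path -Name 'DisabledByDefault'

        # Interpret only the Enabled value: 0 = disabled, non-zero = enabled.
        $state = if ($null -eq $enabled) {
            'OS default'
        } elseif ($enabled -eq 0) {
            'disabled'
        } else {
            'enabled'
        }

        New-Object PSObject -Property @{
            Protocol          = $protocol
            Role              = $role
            Enabled           = Format-Dword $enabled
            DisabledByDefault = Format-Dword $dbd
            EnabledState      = $state
        }
    }
}

$report | Select-Object Protocol, Role, Enabled, DisabledByDefault, EnabledState |
    Format-Table -AutoSize
```

A row showing `(not set)` in both columns means neither article's value has been applied for that protocol and role, which is worth checking on both the Client and Server subkeys before comparing against an external scan.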
User contributions licensed under CC BY-SA 3.0