Migrating from TLS 1.0 to TLS 2.0

The Payment Card Industry has mandated that all PCI customers must migrate from SSL and TLS 1.0 to be considered compliant by June 30th 2018.  I want to migrate from TLS 1.0 and make TLS 1.1 and TLS 1.2 available for use.  I know that you can enable and disable both within the registry and in the "Internet Options Advanced Tab. On a Windows server 2008R2  through Windows 2012R2  where can I find the configuration for TLS 1.1 or 1.2 to be used whether an application, executable, or even the website? I have looked throughout IIS and cannot figure this out. Thanks in advance for any help available.
SteveKendrickDirector of TechnologyAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Justin EvansCommented:
On Windows 2012 R2 the registry key you are after is here

HKey_Local_Machine\System\CurrentControlSet\Control\SecurityProviders \SCHANNEL\Protocols

and I believe this is the answer for 2008

Kind Regards

Garfield SamuelsProject ManagerCommented:
Have a look at this:

Payment Card Industry (PCI) requires TLS 1.1 or TLS 1.2 for compliance.


The DefaultSecureProtocols registry entry can be added in the following path:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp
On x64-based computers, DefaultSecureProtocols must also be added to the Wow6432Node path:
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp
The registry value is a DWORD bitmap. The value to use is determined by adding the values corresponding to the protocols desired.

DefaultSecureProtocols Value      Protocol enabled
0x00000008      Enable SSL 2.0 by default
0x00000020      Enable SSL 3.0 by default
0x00000080      Enable TLS 1.0 by default
0x00000200      Enable TLS 1.1 by default
0x00000800      Enable TLS 1.2 by default
For example:

The administrator wants to override the default values for WINHTTP_OPTION_SECURE_PROTOCOLS to specify TLS 1.1 and TLS 1.2.

Take the value for TLS 1.1 (0x00000200) and the value for TLS 1.2 (0x00000800) then add them together in calculator (in programmer mode), the resulting registry value would be 0x00000A00.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
SteveKendrickDirector of TechnologyAuthor Commented:
Thanks Guys!
Jose Gabriel Ortega CastroCEOCommented:
I agree, just run this script:


It solves two vulnerabilities of that payment industry.

Seth SimmonsSr. Systems AdministratorCommented:
No comment has been added to this question in more than 21 days, so it is now classified as abandoned.

I have recommended this question be closed as follows:

-- Garfield Samuels (https:#a42452999)
-- Justin Evans (https:#a42452964)
-- Jose Gabriel Ortega C (https:#a42453039)

If you feel this question should be closed differently, post an objection and the moderators will review all objections and close it as they feel fit. If no one objects, this question will be closed automatically the way described above.

Experts-Exchange Cleanup Volunteer
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows OS

From novice to tech pro — start learning today.