@andyhuey
Created February 10, 2017 18:15
Enable TLS 1.2
# Enables TLS 1.2 on Windows Server 2008 R2 and Windows 7
# adapted from https://www.derekseaman.com/2010/06/enable-tls-12-aes-256-and-sha-256-in.html
# Must run as admin. Reboot after running.
$tls12key = "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2"
# If the key already exists, stop without changing it (its values are not checked).
if (Test-Path $tls12key) {
    Write-Host "TLS 1.2 key already exists."
    exit
}
# These keys do not exist so they need to be created prior to setting values.
md $tls12key
md "$tls12key\Server"
md "$tls12key\Client"
# Enable TLS 1.2 for client and server SCHANNEL communications
New-ItemProperty -path "$tls12key\Server" -name "Enabled" -value 1 -PropertyType "DWord"
New-ItemProperty -path "$tls12key\Server" -name "DisabledByDefault" -value 0 -PropertyType "DWord"
New-ItemProperty -path "$tls12key\Client" -name "Enabled" -value 1 -PropertyType "DWord"
New-ItemProperty -path "$tls12key\Client" -name "DisabledByDefault" -value 0 -PropertyType "DWord"
# Disable SSL 2.0 (PCI Compliance)
# md "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server"
# new-itemproperty -path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server" -name Enabled -value 0 -PropertyType "DWord"
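
A read-back check for the values the script above writes, useful after the reboot or when the script exits early because the TLS 1.2 key already exists. This is an added example, not part of the original gist; the function name `Get-Tls12RoleState` is an assumption, and the syntax is kept compatible with PowerShell 2.0.

```powershell
# Added example, not part of the original gist.
# Reads back the values under the TLS 1.2 key and compares them with what the
# script sets: Enabled = 1 and DisabledByDefault = 0 for Server and Client.
$tls12key = "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2"

# Get-Tls12RoleState is a hypothetical helper name chosen for this example.
function Get-Tls12RoleState {
    param([Parameter(Mandatory=$true)][ValidateSet("Server", "Client")][string]$Role)

    $path = "$tls12key\$Role"
    $enabled = $null
    $disabledByDefault = $null

    if (-not (Test-Path $path)) {
        $status = "subkey missing"
    } else {
        # A value that was never created comes back as $null here.
        $props = Get-ItemProperty -Path $path
        $enabled = $props.Enabled
        $disabledByDefault = $props.DisabledByDefault

        if ($null -eq $enabled -or $null -eq $disabledByDefault) {
            $status = "value missing"
        } elseif ($enabled -eq 1 -and $disabledByDefault -eq 0) {
            $status = "matches script"
        } else {
            $status = "differs from script"
        }
    }

    New-Object PSObject -Property @{
        Role              = $Role
        Enabled           = $enabled
        DisabledByDefault = $disabledByDefault
        Status            = $status
    } | Select-Object Role, Enabled, DisabledByDefault, Status
}

$results = "Server", "Client" | ForEach-Object { Get-Tls12RoleState -Role $_ }
$results | Format-Table -AutoSize

# Non-zero exit code when either role is not configured as the script sets it.
if ($results | Where-Object { $_.Status -ne "matches script" }) { exit 1 }
```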