Add TLS 1.2 to IIS 7.5

After about March of 2020, if you were using IIS 7.5 web server, and you needed to provide content secured by HTTPS, you discovered that SSL was no longer supported by contemporary browsers. They were demanding a connection secured by TLS 1.2, before displaying any web content. On the bright side, TLS 1.2 was built into IIS 7.5, but it needed to be manually configured. Here’s how.

Backup Registry Key

In registry editor (regedit), navigate to:
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols

Backup the Protocols key:
File > Export > ‘IIS Protocos Pre TLS.1.2.reg’ or some name meaningful to you.

Add Three Keys

Add a key named ‘TLS 1.2’ to ‘Protocols’:
Right click the ‘Protocols’ key > New > Key ‘TLS 1.2’.

Then add the final two keys, ‘Client’ and ‘Server’ to ‘TLS 1.2’:
Right click the ‘TLS 1.2’ key > New > Key ‘Client’
Right click the ‘TLS 1.2’ key > New > Key ‘Server’

Add Four Values

Now to each of the new empty ‘Client’ and ‘Server’ keys, add these two DWORD (32-bit) values:
1. value name = DisabledByDefault, value data (base hexadecimal) = 0
2. value name = Enabled, value data (base hexadecimal) = 1

Final TLS 1.2 Registry View

client protocol keys
Figure 1. TLS 1.2 Client Key
server protocol keys
Figure 2. TLS 1.2 Server Key

Microsoft’s older, decade or so, Internet Information Server, by virtue of supporting TLS 1.2, remained capable of negotiating a secure (https) connection with browsers circa 2020.

Leave a comment

Your email address will not be published. Required fields are marked *

+ 21 = 28