I have a scenario as below:

client <--- TLS 1.0 ---> server process <--- TLS 1.2 ---> Backend

Existing clients need to continue to talk TLS 1.0 to my server process (they will be upgraded another day); however, the "server process" needs to talk to the backend using TLS 1.2. I've made the changes below to the registry; however, I'm not sure if I need to enable all 3 versions (1.0, 1.1 and 1.2), on the assumption that the handshake phase will choose the highest (correct) version of TLS as required.
I have created the TLS 1.0, TLS 1.1 and TLS 1.2 keys and then the Client and Server keys for each. Under each I have DisabledByDefault set to 0 (32-bit DWORD) and Enabled set to 1 (32-bit DWORD). So all 3 versions of TLS are enabled, as below. Is that the right thing to do, or do I just need to enable the 1.2 version (Client and Server) and disable all others?
I'm running Windows Server 2008 R2 Service Pack 1 and it's a very fragile environment, so I need to get this right first time before rebooting. Apart from these changes, I don't need to apply any patches, do I?

The registry looks like this:
...\Protocols\TLS 1.2\Server] "Enabled"=dword:00000001
...\Protocols\TLS 1.2\Server] "DisabledByDefault"=dword:00000000
...\Protocols\TLS 1.2\Client] "Enabled"=dword:00000001
...\Protocols\TLS 1.2\Client] "DisabledByDefault"=dword:00000000
...\Protocols\TLS 1.1\Server] "Enabled"=dword:00000001
...\Protocols\TLS 1.1\Server] "DisabledByDefault"=dword:00000000
...\Protocols\TLS 1.1\Client] "Enabled"=dword:00000001
...\Protocols\TLS 1.1\Client] "DisabledByDefault"=dword:00000000
...\Protocols\TLS 1.0\Server] "Enabled"=dword:00000001
...\Protocols\TLS 1.0\Server] "DisabledByDefault"=dword:00000000
...\Protocols\TLS 1.0\Client] "Enabled"=dword:00000001
...\Protocols\TLS 1.0\Client] "DisabledByDefault"=dword:00000000
Thanks a million for your help.
Kind regards
Graham
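The following PowerShell script is an added example and is not part of the original post. It audits the SCHANNEL protocol keys the post describes (Enabled / DisabledByDefault under each Protocol\Client and Protocol\Server key), reports the effective state of each, and with -Apply writes a target state that answers the "enable all three or only 1.2?" question in the strict way: TLS 1.0 stays enabled on the Server side for the legacy clients, while on the Client side only TLS 1.2 is enabled, so the outbound link to the backend cannot negotiate anything lower. That target state ($Desired) is an assumption about the poster's goal, not something the post spells out. Test-Tls12Client then opens a real TLS 1.2 handshake to the backend through .NET's SslStream, which uses SChannel underneath, so it exercises the same registry settings. The backend host name in the usage line is a placeholder.

```powershell
# Added example, not from the original post. Run as Administrator.
# Audits the SChannel protocol registry keys and optionally applies a target
# state; SChannel reads these keys at boot, so a reboot follows any change.
param([switch]$Apply)

$Base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'

# Assumed target state: $true = Enabled:1 / DisabledByDefault:0 (usable),
# $false = Enabled:0 / DisabledByDefault:1 (off). Server = inbound, Client = outbound.
$Desired = @{
  'SSL 2.0' = @{ Client = $false; Server = $false }
  'SSL 3.0' = @{ Client = $false; Server = $false }
  'TLS 1.0' = @{ Client = $false; Server = $true  }  # legacy clients still need it inbound
  'TLS 1.1' = @{ Client = $false; Server = $false }
  'TLS 1.2' = @{ Client = $true;  Server = $true  }  # outbound to the backend must be 1.2
}

function Get-SchannelState {
  # One row per protocol/role with the raw values and the effective meaning:
  # Enabled=0 switches the protocol off; DisabledByDefault=1 keeps it available
  # only to applications that explicitly ask for it; a missing key means the
  # OS default applies (on 2008 R2, TLS 1.1 and 1.2 are off by default).
  foreach ($proto in ($Desired.Keys | Sort-Object)) {
    foreach ($role in 'Client', 'Server') {
      $key = Join-Path $Base "$proto\$role"
      $enabled = $null; $dbd = $null
      if (Test-Path $key) {
        $p = Get-ItemProperty -Path $key
        $enabled = $p.Enabled; $dbd = $p.DisabledByDefault
      }
      $effective = if ($null -eq $enabled -and $null -eq $dbd) { 'OS default' }
                   elseif ($enabled -eq 0)                     { 'disabled' }
                   elseif ($dbd -eq 1)                         { 'opt-in only' }
                   else                                        { 'enabled' }
      New-Object PSObject -Property @{
        Protocol = $proto; Role = $role; Enabled = $enabled
        DisabledByDefault = $dbd; Effective = $effective
        Wanted = $(if ($Desired[$proto][$role]) { 'enabled' } else { 'disabled' })
      }
    }
  }
}

function Set-SchannelState {
  # Creates each Protocol\Role key and writes both DWORDs to match $Desired.
  foreach ($proto in $Desired.Keys) {
    foreach ($role in 'Client', 'Server') {
      $key = Join-Path $Base "$proto\$role"
      if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
      $on = $Desired[$proto][$role]
      Set-ItemProperty -Path $key -Name Enabled           -Type DWord -Value $(if ($on) { 1 } else { 0 })
      Set-ItemProperty -Path $key -Name DisabledByDefault -Type DWord -Value $(if ($on) { 0 } else { 1 })
    }
  }
}

function Test-Tls12Client {
  # Opens a TLS 1.2-only handshake to the backend. SslStream is built on
  # SChannel, so a disabled TLS 1.2 Client key makes this fail. Needs .NET 4.5
  # or later on the box for the Tls12 enum value.
  param([Parameter(Mandatory = $true)][string]$BackendHost, [int]$Port = 443)
  $tcp = New-Object System.Net.Sockets.TcpClient($BackendHost, $Port)
  try {
    $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false)
    $ssl.AuthenticateAsClient($BackendHost, $null,
        [System.Security.Authentication.SslProtocols]::Tls12, $true)
    New-Object PSObject -Property @{ Host = $BackendHost; Ok = $true
        Protocol = $ssl.SslProtocol; Cipher = $ssl.CipherAlgorithm; Error = $null }
  } catch {
    New-Object PSObject -Property @{ Host = $BackendHost; Ok = $false
        Protocol = $null; Cipher = $null; Error = $_.Exception.Message }
  } finally { $tcp.Close() }
}

Get-SchannelState | Format-Table Protocol, Role, Enabled, DisabledByDefault, Effective, Wanted -AutoSize
if ($Apply) { Set-SchannelState; Write-Host 'Keys written; reboot for SChannel to pick them up.' }
# After the reboot, with a placeholder backend name (not from the post):
# Test-Tls12Client -BackendHost 'backend.example.internal' | Format-List
```

Two points a practitioner would weigh before running it with -Apply. First, if all three Client protocols are left enabled, SChannel negotiates the highest version both sides support, so a backend that only offers TLS 1.0 is silently accepted; disabling the TLS 1.0 and 1.1 Client keys is what turns "should be 1.2" into "must be 1.2", but it applies to every SChannel client on that box (LDAPS to domain controllers, WSUS, any other outbound TLS), which matters on a fragile server. Second, the SCHANNEL keys are not the whole story on 2008 R2: a .NET Framework application chooses its protocols through ServicePointManager.SecurityProtocol or the SchUseStrongCrypto setting under HKLM\SOFTWARE\Microsoft\.NETFramework\v4.0.30319, and WinHTTP-based applications only offer TLS 1.1/1.2 by default after KB3140245 together with the DefaultSecureProtocols value, so depending on what the "server process" is built on, a patch may be needed after all.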