WinServer 2008 R2 SP1, IIS 7.5 upgrade to TLS 1.2 or 1.3

2
votes

When browse my website on Firefox and look console I see this warning

This site uses a deprecated version of TLS that will be disabled in March 2020. Please upgrade to TLS 1.2 or 1.3

I've followed this guidelines to enable TLS 1.1 and TLS 1.2 as default secure protocols in WinHTTP in Windows from

https://support.microsoft.com/en-us/help/3140245/update-to-enable-tls-1-1-and-tls-1-2-as-default-secure-protocols-in-wi

I download and manual install kb3140245 then use Easyfix for update Registry and restart server

But I still see warning above and don't know how to resolve it

Any help would be appreciated, Thank you

1
iis-7.5tls1.2window-server
Windows Server 2008 R2 is end of life. You have to upgrade to a newer Windows release.Lex Li
yes, 2008 is end of life. but to resolve the issue you could try to use the IIS crypto and enable tls 1.1 and 1.2. you could download that extension from this linkJalpa Panchal
@JalpaPanchal Thank for your comment but It's server environment so I cannot use tool from non official sourceBùi Đức Khánh

1 Answers

3
votes

I found solution from here: https://tecadmin.net/enable-tls-on-windows-server-and-iis/

  1. Backup your registry

  2. Open registry on your server by running regedit in run window and navigate to below location

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols

  1. Add the TLS 1.1 and TLS 1.2 keys under Protocols. It will looks like directories

  2. Now create two keys Client and Server under both TLS 1.1 and TLS 1.2 keys

  3. Create the DWORD Values under Server and Client key of TLS 1.1 as following

    DisabledByDefault [Value = 0]
Enabled [Value = 0]

  4. Create the DWORD Values under Server and Client key of TLS 1.2 as following

    DisabledByDefault [Value = 0]
Enabled [Value = 1]

enter image description here 7. Restart server and warning is gone