How to check if TLS 1.2 is enabled?
- If the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client\DisabledByDefault is present, the value should be 0.
- If the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client\Enabled is present, value should be 1.
- Check if TLS 1.2 is set as the default secure protocol in WinHTTP for Windows versions Windows Server 2008 R2, Windows Server 2012, and Windows 7.
How to check if TLS 1.2 is the default secure protocol in WinHTTP:
Compatible versions: Windows Server 2008 R2, 2012, and Windows 7- Check Microsoft update 'kb3140245' is installed.
- Check if the below registry key contains the value '0x00000A00' or '0x00000800':
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp\DefaultSecureProtocols - If it is a 64 bit machine, check 'Wow6432Node' path also:
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp\DefaultSecureProtocols
If the registry key is not present, please add the registry key as mentioned in the Microsoft document. Related Articles:
- Supported TLS versions
- Common FAQs on upgrading to TLS version 1.2
- Why is my Windows server monitor in DOWN status, even after enabling TLS version 1.2?
- Install the Windows server monitoring agent
- Services that are installed by the Windows server monitoring agent