Reply to: Running TLS v1.2 on Windows Server 2003 SP2

I have two servers running Windows Server 2003 SP2. Let's call them Dev and Prod.

Both servers connect to a web service to transfer and receive data, which requires the connecting server to use TLS v1.2 for security reasons.

Both servers have had the necessary Windows Security update (KB2585542) applied to allow TLS v1.2 to be run on this OS.

I have used Wireshark to analyse the traffic when the servers try to connect to the web service.

The Dev server uses v1.2 for the connection, and the connection works. The Prod server uses v1.0, and the connection doesn't work.

According to certain forums and a network chap at the company where I work the way to force v1.2 to run is to add a DWORD entry in the registry in a certain place. The DWORD entry should basically turn off v1.0 by specifying "Enabled" = 0. The place for the registry entry is:

HKey_Local_Machine\System\CurrentControlSet\Contro l\SecurityProviders\SCHANNEL\Protocols - under the "Server" subkey of "TLS 1.0".

I tried adding this entry to the Prod server in the correct place and rebooted the server, but it still used v1.0 for the connection.

I've checked the registry of the Dev server and it doesn't have this entry either.

So, the question is, is there another way of forcing TLS to run under v1.2? The Dev server must have something set other than the registry key forcing it to run v1.2.

Thank you.
Moose