Enable SCHANNEL Protocols in Windows Registry (Win7 & 2012R2) DisabledByDefault or Enabled?

2008
xfitr2

I have enabled TLS 1.0/1.1/1.2 protocols on my local Win7 machine and 2012R2 server as well as disabled SSL 2.0/3.0 using the registry DWord value DisabledByDefault = 0 based on the following Microsoft support article: https://support.microsoft.com/en-us/kb/245030 (see SCHANNEL\Protocols subkey...)

But I noticed another TechNet article which seems to contradict this KB article by saying you should set the Enabled DWORD value = 0xffffffff for each Protocols subkey (Client or Server). https://technet.microsoft.com/en-us/library/dn786418.aspx

Which value should be used to properly enable the protocols and/or any of the other SCHANNEL settings like CipherSuites and Key Exchanges? Does one have more precedence over the other?

2

1 answer

2
k1DBLITZ

To disable, use a value of 0.

To enable, use a value of 0xffffffff.

You can confirm which ciphers/protocols are enabled by using SSL Scan.
