TLS 1.2

Enables or disables the use of TLS 1.2. TLS 1.1 and 1.2 are without known security issues.

Changing this setting will require a restart of the computer before the setting will take effect.


Supported on: At least Windows 7
Enable Client-side TLS 1.2 (eg., Internet Explorer)
Enable policy:
Registry PathValue NameValue TypeValue
SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\ClientEnabledREG_DWORD1
SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\ClientDisabledByDefaultREG_DWORD0
Disable policy:
Registry PathValue NameValue TypeValue
SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\ClientEnabledREG_DWORD0
SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\ClientDisabledByDefaultREG_DWORD1
Enable Server-side TLS 1.2 (eg., IIS)
Enable policy:
Registry PathValue NameValue TypeValue
SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\ServerEnabledREG_DWORD1
SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\ServerDisabledByDefaultREG_DWORD0
Disable policy:
Registry PathValue NameValue TypeValue
SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\ServerEnabledREG_DWORD0
SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\ServerDisabledByDefaultREG_DWORD1

schannel.admx