, Last time also I followed the same approach similar to your suggestion and it didn't work for me. This occasion I tried your suggestion using IIS Crypto 3.3 tool to apply the settings (refer the screenshot below) still server hello works on TLS 1.0 (refer the screenshot below)
FYI - I have not enabled system encryption protocols for .Net 3.5 and 2.0 and I am not sure if this should be added. Also, I verified the Internet settings there TLS 1.0 & 1.1 is unchecked.
Create a key named "TLS 1.1" with two DWORDs for both TLS 1.0 & 1.1: "DisabledByDefault=1" & "Enabled=0". Similarly, create a key named "TLS 1.0" with two DWORDs for each protocol, "DisabledByDefault=1" & "Enabled=0".
According to this documentation by default TLS 1.0, 1.1 and 1.2 are enabled in Windows Server 2019. TLS 1.3 is only supported in Server 2022 and newer versions. Further this documentation states that TLS 1.0 and 1.1 are only disabled by default starting with Windows 11 (and Server 2022 i guess) in 2024.
In the Internet Options window on the Advanced tab, under Settings, scroll down to the Security section. In the Security section, locate the Use SSL and Use TLS options and uncheck Use SSL 3.0 and Use SSL 2.0. If they are not already selected, check Use TLS 1.0, Use TLS 1.1, and Use TLS 1.2.
These disable SSL 3.0, TLS 1.0, and RC4 protocols. Because this situation applies to SChannel, it affects all the SSL/TLS connections to and from the server. You must restart the computer after you change these values.
When possible, instead of editing the registry directly, use Group Policy or other Windows tools such as the Microsoft Management Console (MMC). If you must edit the registry, use extreme caution. Setting these DWORD values to 1 enables TLS 1.0 and 1.1 for TLS clients and servers.
Open registry on your server by running regedit in the run window. Navigate to the below location: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols . Now change DWORD values under Server and Client under TLS 1.0: DisabledByDefault [Value = 0] and Enabled [Value = 0] .
To disable host verification so that the connector does not require the host name in the server's certificate to match the host name of the server, set the UseHostVerification value to 0. To disable SSL encryption so that the connector does not connect to the server over SSL, set the UseEncryptedEndpoints value to 0.
Address: Suite 153 582 Lubowitz Walks, Port Alfredoborough, IN 72879-2838
Phone: +128413562823324
Job: IT Strategist
Hobby: Video gaming, Basketball, Web surfing, Book restoration, Jogging, Shooting, Fishing
Introduction: My name is Rev. Porsche Oberbrunner, I am a zany, graceful, talented, witty, determined, shiny, enchanting person who loves writing and wants to share my knowledge and understanding with you.
We notice you're using an ad blocker
Without advertising income, we can't keep making this site awesome for you.