End of life for TLS 1.0 and TLS 1.1

 
Martin: We at Ruffian Software have removed support for TLS 1.0 and TLS 1.1 from our TechIDManager server infrastructure. This is part of our continuing dedication to doing security right. We are not alone in this: DigiCert and Microsoft are both removing support for these older versions of TLS, which have security risks. We hope the following article helps you.
 
This is an experimental type of article with both the prompt and response direct from ChatGPT. We at Ruffian Software attempt to be super transparent and refuse to try and pawn off content as ours that came from a different source. We also think this content will be useful. Let us know what you think….

Prompt: What versions of Windows Server need to have something done to enable TLS 1.2?

ChatGPT: Enabling TLS 1.2 on Windows Server depends on the specific version you are using. Here’s a breakdown of the steps required for different versions of Windows Server:

<<<snipped out see below>>>


Prompt: What other versions of Windows need something done to enable TLS 1.2?

ChatGPT: Enabling TLS 1.2 might also be necessary for some versions of Windows client operating systems, particularly older ones. Here’s a breakdown for various versions of Windows:

<<<snipped out see below>>>


Prompt: Check all the information you just gave me for accuracy. Tell me what might be incorrect.


ChatGPT: Here’s an updated and verified summary of enabling TLS 1.2 on various versions of Windows Server and Windows client operating systems:

Windows Server Versions

  1. Windows Server 2008 and 2008 R2:

    • Registry Changes Required: TLS 1.2 is not enabled by default.
      1. Open regedit.
      2. Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\.
      3. Create a key named TLS 1.2 and under it create Client and Server subkeys.
      4. In each subkey, create DWORD values named Enabled and DisabledByDefault and set Enabled to 1 and DisabledByDefault to 0.
      5. Apply all updates including KB4019276 for Windows Server 2008 (Improve & Repeat) (DigiCert).
  2. Windows Server 2012 and 2012 R2:

    • Registry Changes Required: TLS 1.2 is supported but may not be enabled by default.
      1. Follow the same registry changes as for Windows Server 2008/R2.
      2. Ensure SchUseStrongCrypto is set to 1 for .NET Framework applications under the registry keys:
        • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v2.0.50727
        • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319
      3. Apply the updates from KB3099844 for Windows Server 2012 (MS Learn) (Windows OS Hub).
  3. Windows Server 2016, 2019, and 2022:

    • Enabled by Default: TLS 1.2 is enabled by default and no registry changes are necessary (TecAdmin).

Windows Client Operating Systems

  1. Windows 7 and Windows 8:

    • Registry Changes Required: TLS 1.2 is not enabled by default.
      1. Follow similar steps as for Windows Server 2008 to create the necessary registry keys and values.
      2. Ensure updates including KB3140245 are applied to enable TLS 1.2 (Microsoft Support) (DigiCert).
  2. Windows 8.1:

    • Enabled by Default: TLS 1.2 is supported and enabled by default, but for certain applications, manual enabling may still be needed as described for Server 2012 (MS Learn).
  3. Windows 10 and Windows 11:

    • Enabled by Default: TLS 1.2 is supported and enabled by default (MS Learn).

.NET Framework Configuration (Applicable to All Versions)

For applications running on .NET Framework, ensure that strong cryptography is enabled by setting the SchUseStrongCrypto and SystemDefaultTlsVersions registry values under:

  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v2.0.50727
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319
  • Additionally, for 32-bit applications on 64-bit OSs, modify the keys under HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\ (MS Learn) (Windows OS Hub).

This information ensures accurate steps for enabling TLS 1.2 across different Windows versions, helping maintain secure communications.
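
A read-only way to verify the registry settings listed above on a host, as an added example (not part of the ChatGPT response and not Ruffian Software's own tooling). The function name Get-TlsRegistryStatus is hypothetical, the version subkeys under Wow6432Node are assumed to mirror the 64-bit ones, and the expected SystemDefaultTlsVersions value of 1 is the one used in Microsoft's documentation rather than a value stated on this page.

```powershell
# Added example: audits the SCHANNEL and .NET Framework values named above.
# It only reads the registry; nothing is created or changed.

$schannel = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2'
$dotnet = @(
    'HKLM:\SOFTWARE\Microsoft\.NETFramework\v2.0.50727',
    'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319',
    # Assumption: the 32-bit view has the same version subkeys.
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v2.0.50727',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319'
)

# One check per (key, value name) pair, with the value the steps call for.
$checks = @()
foreach ($role in 'Client', 'Server') {
    $checks += [pscustomobject]@{ Path = "$schannel\$role"; Name = 'Enabled';           Expected = 1 }
    $checks += [pscustomobject]@{ Path = "$schannel\$role"; Name = 'DisabledByDefault'; Expected = 0 }
}
foreach ($key in $dotnet) {
    $checks += [pscustomobject]@{ Path = $key; Name = 'SchUseStrongCrypto';       Expected = 1 }
    # Assumption: 1 is the value from Microsoft's documentation, not from this page.
    $checks += [pscustomobject]@{ Path = $key; Name = 'SystemDefaultTlsVersions'; Expected = 1 }
}

function Get-TlsRegistryStatus {
    param([Parameter(Mandatory)] $Check)
    # A missing key or value is reported as NotSet rather than as a failure:
    # on versions where TLS 1.2 is on by default, NotSet means "OS default applies".
    $actual = $null
    if (Test-Path -LiteralPath $Check.Path) {
        $item = Get-ItemProperty -LiteralPath $Check.Path -Name $Check.Name -ErrorAction SilentlyContinue
        if ($null -ne $item) { $actual = $item.($Check.Name) }
    }
    $status = if ($null -eq $actual) { 'NotSet' } elseif ($actual -eq $Check.Expected) { 'OK' } else { 'Mismatch' }
    [pscustomobject]@{
        Status = $status; Name = $Check.Name; Expected = $Check.Expected
        Actual = $actual; Path = $Check.Path
    }
}

$results = $checks | ForEach-Object { Get-TlsRegistryStatus -Check $_ }
$results | Format-Table -AutoSize -Property Status, Name, Expected, Actual, Path

if ($results.Status -contains 'Mismatch') {
    Write-Warning 'At least one value differs from the setting described above.'
}
```

On the older versions listed above, a NotSet row for the SCHANNEL keys means the registry step has not been done yet; on versions where TLS 1.2 is enabled by default it is the expected result.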