Table of Contents
We have covered how to enable TLS 1.2 and TLS 1.3 on Windows Server in the previous post. That lets you know how to enable TLS protocols on a Windows Server locally. If you try enabling TLS on all the servers one after another, it may sound like an uphill task. In such a case, it could be implemented using Active Directory’s Group Policies. We have created this post to let you know how to enable TLS 1.2 and TLS 1.3 via Group Policy. Since TLS 1.3 doesn’t support other than Windows 11 and Windows Server 2022, implement TLS 1.3 only to Windows 11 and Windows Server 2022 operating systems.
Without further due, let’s see how to enable TLS 1.2 and TLS 1.3 via Group Policy.
How to Enable TLS 1.2 and TLS 1.3 via Group Policy
Step 1. Open regedit utility
Open Group Policy Management (gpmc.msc) in a Domain Controller.
Step 2. Creating a GPO in the Domain Controller
Navigate to the OU where Policy to be linked and right click and select ‘Create a GP in this domain and Link it here’; In this demo selecting ‘Domain Controllers’ OU.
Step 3. Rename the GPO to ‘Enable_TLS 1.2_TLS 1.3’
Name the New GPO and click on ‘OK’; this creates a New GP which is linked to the OU.
Step 4. Edit the ‘Enable_TLS 1.2_TLS 1.3’ GPO
Right-click the Policy and click on ‘Edit’.
Step 5. Create Registry Item in Group Policy
Navigate to Computer Configurations –> Preferences –> Windows Settings –> Registry in Group Policy.
Create new Registry by Right click on the blank space and select New –> Registry Item
Step 6. Update Registry Properties
In new Registry Properties update the details as below and click on ‘OK’.Action: UpdateHive: HKEY_LOCAL_MACHINEKey Path: SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\ClientValue name: EnabledValue type: REG_DWORDValue data: 1Base: Hexadecimal
[OPTIONAL] Commands to create Registry Item in Group Policy
Create few more keys. Well, you can create the way shown in the above steps or you can also use commands to create the new registry items.
– Create a key ‘HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client\DisableByDefault’ and set the value as ‘0’– Create a key ‘HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server\Enabled’ and set the value as ‘1’– Create a key ‘HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server\DisableByDefault’ and set the value as ‘0’– Create a key ‘HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\HTTP\Parameters\EnableHttp3’ and set the value as ‘1’[OPTIONAL] List of Registry Item in Group Policy
The image shows the list of Registry items created in Group Policy.
We hope this post would help you know how to enable TLS 1.2 and TLS 1.3 via Group Policy to enhance the security of your infrastructure. Please share this post if you find this interested. Visit our social media page on Facebook, LinkedIn, Twitter, Telegram, Tumblr, Medium & Instagram, and subscribe to receive updates like this.
Arun KL
Arun KL is a cybersecurity professional with 15+ years of experience in IT infrastructure, cloud security, vulnerability management, Penetration Testing, security operations, and incident response. He is adept at designing and implementing robust security solutions to safeguard systems and data. Arun holds multiple industry certifications including CCNA, CCNA Security, RHCE, CEH, and AWS Security.
- April 18, 2024
Learn Something New with Free Email subscription
Learn Something New with Free Email subscription
Subscribe
Subscribe
Subscribe
Subscribe
- April 18, 2024
