TLS Scenario
To achieve PCI compliance, some users might use the tool (such as IISCrypto) to allow only TLS 1.2 traffic by disabling TLS 1.0 and TLS 1.1 support on their computers. In such a case, you might encounter the unable to reach server error on Windows 7 and Server 2008 computers. The default setting for these OS versions is is TLS 1.0 and TLS 1.1.
How to enable TLS 1.2?
1. Get Windows update to support TLS 1.2
Please refers to this article https://support.microsoft.com/en-us/help/3140245/ to get the update to support TLS 1.2.
2. Register TLS 1.2
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client]
"Enabled"=dword:ffffffff
"DisabledByDefault"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server]
"Enabled"=dword:ffffffff
"DisabledByDefault"=dword:00000000
3. Configure TLS 1.2 to be used for WinHTTP by default
For 32-bit Windows 7/Server 2008
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp]
"DefaultSecureProtocols"=dword:00000800
For 64-bit Windows 7/Server 2008
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp]
"DefaultSecureProtocols"=dword:00000800
Note:
1. Windows XP uses SSL v3 by default for WinHTTP. Windows 8 or later uses TLS 1.1 for WinHTTP by default.
2. Please add key if there is none showing: TLS 1.2\Server, TLS 1.2\Client
Reference Article: