Unable to reach server (streamer) because of TLS 1.0 and TLS 1.1 support disabled

TLS Scenario

To achieve PCI compliance, some users might use the tool (such as IISCrypto) to allow only TLS 1.2 traffic by disabling TLS 1.0 and TLS 1.1 support on their computers. In such a case, you might encounter the unable to reach server error on Windows 7 and Server 2008 computers.  The default setting for these OS versions is is TLS 1.0 and TLS 1.1.

 

 

How to enable TLS 1.2?

1. Get Windows update to support TLS 1.2 

Please refers to this article https://support.microsoft.com/en-us/help/3140245/ to get the update to support TLS 1.2.

2. Register TLS 1.2

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client]
"Enabled"=dword:ffffffff
"DisabledByDefault"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server]
"Enabled"=dword:ffffffff
"DisabledByDefault"=dword:00000000

3. Configure TLS 1.2 to be used for WinHTTP by default

For 32-bit Windows 7/Server 2008

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp]
"DefaultSecureProtocols"=dword:00000800

For 64-bit Windows 7/Server 2008

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp]
"DefaultSecureProtocols"=dword:00000800

 

Note:

1. Windows XP uses SSL v3 by default for WinHTTP.  Windows 8 or later uses TLS 1.1 for WinHTTP by default. 

2. Please add key if there is none showing: TLS 1.2\Server, TLS 1.2\Client

Reference Article:

Microsoft Support

Have more questions? Submit a request

0 Comments

Please sign in to leave a comment.