方法一:新建文本文件,将下述内容复制到文本保存, 后缀名改为reg, 双击导入,重启服务器后即可启用TLS 1.2
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsTLS 1.0]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsTLS 1.0Client]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000000
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsTLS 1.0Server]
"Enabled"=dword:00000000
"DisabledByDefault"=dword:00000000
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsTLS 1.1]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsTLS 1.1Client]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsTLS 1.1Server]
"Enabled"=dword:00000001
"DisabledByDefault"=dword:00000000
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsTLS 1.2]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsTLS 1.2Client]
"Enabled"=dword:00000001
"DisabledByDefault"=dword:00000000
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsTLS 1.2Server]
"Enabled"=dword:00000001
"DisabledByDefault"=dword:00000000
方法二:把下面的代码复制到PowerShell里运行一下,然后重启服务器
md "HKLM:SYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsTLS 1.2"
md "HKLM:SYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsTLS 1.2Server"
md "HKLM:SYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsTLS 1.2Client"
new-itemproperty -path "HKLM:SYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsTLS 1.2Server"
-name "Enabled" -value 1 -PropertyType "DWord"
new-itemproperty -path "HKLM:SYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsTLS 1.2Server"
-name "DisabledByDefault" -value 0 -PropertyType "DWord"
new-itemproperty -path "HKLM:SYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsTLS 1.2Client"
-name "Enabled" -value 1 -PropertyType "DWord"
new-itemproperty -path "HKLM:SYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsTLS 1.2Client"
-name "DisabledByDefault" -value 0 -PropertyType "DWord"
md "HKLM:SYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsSSL 2.0Server"
new-itemproperty -path "HKLM:SYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsSSL 2.0Server"
-name Enabled -value 0 -PropertyType "DWord"
Enables TLS 1.2 on Windows Server 2008 R2 and Windows 7 # These keys do
not exist so they need to be created
prior to setting values. md
"HKLM:SYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsTLS
1.2" md
"HKLM:SYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsTLS
1.2Server" md
"HKLM:SYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsTLS
1.2Client" # Enable TLS 1.2 for client and server SCHANNEL
communications new-itemproperty -path
"HKLM:SYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsTLS
1.2Server" -name "Enabled" -value 1 -PropertyType "DWord"
new-itemproperty -path
"HKLM:SYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsTLS
1.2Server" -name "DisabledByDefault" -value 0 -PropertyType "DWord"
new-itemproperty -path
"HKLM:SYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsTLS
1.2Client"
-name "Enabled" -value 1 -PropertyType "DWord" new-itemproperty -path
"HKLM:SYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsTLS
1.2Client" -name "DisabledByDefault" -value 0 -PropertyType "DWord" #
Disable SSL 2.0 (PCI Compliance) md
"HKLM:SYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsSSL
2.0Server" new-itemproperty -path
"HKLM:SYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsSSL
2.0Server" -name Enabled -value 0 -PropertyType "DWord"
黑公网安备 23010302001330
