系统相关
首页 > 系统相关> > Enables TLS 1.2 on windows Server 2008 R2

Enables TLS 1.2 on windows Server 2008 R2

作者:互联网

1、These keys do not exist so they need to be created prior to setting values.

    md “HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2”
    md “HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server”
    md “HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client”

2、Enable TLS 1.2 for client and server SCHANNEL communications
    new-itemproperty -path “HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server” -name “Enabled” -value 1 -PropertyType “DWord”
    new-itemproperty -path “HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server” -name “DisabledByDefault” -value 0 -PropertyType “DWord”
    new-itemproperty -path “HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client” -name “Enabled” -value 1 -PropertyType “DWord”
    new-itemproperty -path “HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client” -name “DisabledByDefault” -value 0 -PropertyType “DWord”

3、Disable SSL 2.0 (PCI Compliance)
    md “HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0”
    md “HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server”
    new-itemproperty -path “HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server” -name Enabled -value 0 -PropertyType “DWord”

4、Enables TLS 1.2 on Windows Server 2008 R2 and Windows 7
     These keys do not exist so they need to be created prior to setting values.
    md “HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2”
    md “HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server”
    md “HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client”

5、Enable TLS 1.2 for client and server SCHANNEL communications
    new-itemproperty -path “HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server” -name “Enabled” -value 1 -PropertyType “DWord”
    new-itemproperty -path “HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server” -name “DisabledByDefault” -value 0 -PropertyType “DWord”
    new-itemproperty -path “HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client” -name “Enabled” -value 1 -PropertyType “DWord”
    new-itemproperty -path “HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client” -name “DisabledByDefault” -value 0 -PropertyType “DWord”

6、Disable SSL 2.0 (PCI Compliance)
    md “HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0”
    md “HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server”
    new-itemproperty -path “HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server” -name Enabled -value 0 -PropertyType “DWord”

=============================================================================
另一种方法:

windows服务器安全管理工具——IISCrypto

标签:TLS,Control,CurrentControlSet,R2,1.2,SCHANNEL,SecurityProviders,HKLM,Protocols
来源: https://www.cnblogs.com/zhaolongisme/p/15684148.html