Enabling TLS 1.2 on a Windows 10 development machine

I’ve noticed a lot of services lately notifying that communication using TLS 1.0 and 1.1 is going to be disabled in the near future. While I haven’t had any problems yet in my production environment (because TLS 1.2 is configured correctly), I noticed a problem in a test environment. The error message I was receiving from one particular service was:

The request was aborted: Could not create SSL/TLS secure channel

At first, I wasn’t quite sure why there was a problem, but after I received an email from the service provider about sunsetting TLS 1.0 and 1.1, it dawned on me that my dev box didn’t have TLS 1.2 properly configured.

I develop on Windows, and the way to enable TLS 1.2 on Windows (or at least the only way I found) was directly through the registry editor.

The subkeys you need to edit are as follows*:

  • Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v2.0.50727
  • Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319
  • Computer\HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v2.0.50727
  • Computer\HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319

For each of these, add 2 DWORDs:

  1. SystemDefaultTlsVersions (value data: 1)
  2. SchUseStrongCrypto (value data: 1)

And that’s it. As soon as I added those keys to my registry, the application on my development box started working again.

*Note: you may not need to add all four subkeys, depending on whether you are running on a 32-bit or 64-bit machine and running 32-bit or 64-bit software. See the resources below for more details.
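The registry steps above can also be audited and applied from PowerShell. The following is an added example, not part of the original post: the function name Test-DotNetTlsRegistry is hypothetical, and skipping subkeys that do not exist is a choice made for this example.

```powershell
# Added example (not from the original post). Test-DotNetTlsRegistry is a
# hypothetical helper name. Without -Apply it only reads; with -Apply it writes
# to HKLM, which needs an elevated PowerShell session.
function Test-DotNetTlsRegistry {
    param([switch]$Apply)

    # The four subkeys and two DWORD names listed in the post.
    $subkeys = @(
        'HKLM:\SOFTWARE\Microsoft\.NETFramework\v2.0.50727'
        'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319'
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v2.0.50727'
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319'
    )
    $names = 'SystemDefaultTlsVersions', 'SchUseStrongCrypto'

    foreach ($key in $subkeys) {
        $exists = Test-Path -LiteralPath $key
        foreach ($name in $names) {
            $data = $null
            if ($exists) {
                $prop = Get-ItemProperty -LiteralPath $key -Name $name -ErrorAction SilentlyContinue
                if ($prop) { $data = $prop.$name }
            }
            # Design choice of this example: a subkey that is absent is reported
            # and left alone, never created.
            if ($Apply -and $exists -and $data -ne 1) {
                New-ItemProperty -LiteralPath $key -Name $name -PropertyType DWord -Value 1 -Force | Out-Null
                $data = 1
            }
            [pscustomobject]@{
                Subkey       = $key
                SubkeyExists = $exists
                Name         = $name
                Data         = $data
                Ok           = ($data -eq 1)
            }
        }
    }
}

Test-DotNetTlsRegistry | Format-Table -AutoSize          # audit only
# Test-DotNetTlsRegistry -Apply | Format-Table -AutoSize # set missing values
```

Rows with Ok set to False show which subkeys still lack one of the two values.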

Resources

https://support.microsoft.com/en-us/help/4040243/how-to-enable-tls-1-2-for-configuration-manager