Unable to reach server (streamer) because of TLS 1.0 support disabled

TLS Scenario

To achieve PCI compliance, some users might use the tool (such as IISCrypto) to allow only TLS 1.1 and 1.2 traffic by disabling TLS 1.0 support on their computers. In such a case, you might encounter the unable to reach server error on Windows 7 and Server 2008 computers.  The default setting for these OS versions is TLS 1.0.

 

How to enable TLS 1.1?

1. Register TLS 1.1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client]
"Enabled"=dword:ffffffff
"DisabledByDefault"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server]
"Enabled"=dword:ffffffff
"DisabledByDefault"=dword:00000000

2. Configure TLS 1.1 to be used for WinHTTP by default

For 32-bit Windows 7/Server 2008

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp]
"DefaultSecureProtocols"=dword:00000200

For 64-bit Windows 7/Server 2008

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp]
"DefaultSecureProtocols"=dword:00000200

 3. For TLS 1.2, use dword:00000800, instead for Step 2

Note:

Windows XP uses SSL v3 by default for WinHTTP.  Windows 8 or later uses TLS 1.1 for WinHTTP by default.

Reference Article:

Microsoft Support

false
0 out of 2 found this helpful