If your server still uses TLS 1.0 or TLS 1.1, many modern applications, APIs, and browsers may refuse to connect. That’s because most platforms now require TLS 1.2 for secure communication.
In this guide, you’ll learn how to enable TLS 1.2 on Windows Server 2012 step by step, including the registry configuration and verification process. This method improves security, compatibility, and compliance with modern standards.
Quick Answer (Featured Snippet)
To enable TLS 1.2 on Windows Server 2012:
- Open Registry Editor
- Navigate to
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols - Create a new key called TLS 1.2
- Add two subkeys:
- Client
- Server
- Create these DWORD values inside both keys:
Enabled = 1DisabledByDefault = 0
- Restart the server
This activates TLS 1.2 for secure server communication.
Why Enable TLS 1.2 on Windows Server 2012?
Microsoft and most modern platforms now require TLS 1.2 for encrypted communication.
Benefits of enabling TLS 1.2
- Stronger encryption and security
- Required for modern web services and APIs
- Compatible with Microsoft services and Azure
- Helps meet security compliance standards
Without TLS 1.2, many services like payment gateways, email systems, and APIs may stop working.
Method 1 – Enable TLS 1.2 Using Registry (Recommended)
Follow these steps carefully.
Step 1: Open Registry Editor
Press:
Windows + R
Type:
regedit
Press Enter.
Step 2: Navigate to SCHANNEL Protocols
Go to this path:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols
This location controls SSL and TLS protocol settings.
Step 3: Create TLS 1.2 Key
If it doesn’t exist:
- Right-click Protocols
- Select New → Key
- Name it:
TLS 1.2
Step 4: Create Client and Server Keys
Inside TLS 1.2, create two keys:
Client
Server
Step 5: Add Registry Values
Inside both Client and Server, create these DWORD values.
Value 1
Name: Enabled
Type: DWORD
Value: 1
Value 2
Name: DisabledByDefault
Type: DWORD
Value: 0
Your registry structure should look like this:
Protocols
└ TLS 1.2
├ Client
│ Enabled = 1
│ DisabledByDefault = 0
└ Server
Enabled = 1
DisabledByDefault = 0
Step 6: Restart the Server
Restart the system to apply the changes.
After reboot, TLS 1.2 will be enabled on Windows Server 2012.
Method 2 – Enable TLS 1.2 Using PowerShell
You can also enable TLS 1.2 quickly using PowerShell commands.
Run PowerShell as Administrator and execute:
New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2' -Force
New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client' -Force
New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server' -Force
New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client' -Name Enabled -Value 1 -PropertyType DWORD -Force
New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client' -Name DisabledByDefault -Value 0 -PropertyType DWORD -Force
New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server' -Name Enabled -Value 1 -PropertyType DWORD -Force
New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server' -Name DisabledByDefault -Value 0 -PropertyType DWORD -Force
Then restart the server.
How to Verify TLS 1.2 is Enabled
You can verify TLS status using:
Method 1
Check registry values again.
Method 2
Use SSL Labs Server Test or internal security tools.
Method 3
Check logs through Event Viewer.
Guide:
https://multicaretechnical.com/how-to-set-scheduled-task-to-run-as-system-windows-10-11-guide-2026
Best Practice: Upgrade Your Server
Windows Server 2012 is now aging, so enabling TLS 1.2 is important, but upgrading your system is even better.
See this guide:
https://multicaretechnical.com/how-to-upgrade-windows-server-2012-r2-to-2019-step-by-step-guide-for-2026
Automating Deployment Across Multiple Servers
If you manage many servers, you can automate configuration using deployment tools.
Complete guide:
https://multicaretechnical.com/how-to-setup-microsoft-deployment-toolkit-step-by-step-complete-2026-guide
This helps apply security configurations across multiple machines quickly.
Common TLS 1.2 Errors and Fixes
1. TLS 1.2 Not Working After Registry Change
Restart the server after editing the registry.
2. Application Still Using TLS 1.0
Some apps require updates to support TLS 1.2.
3. .NET Framework Issues
Older .NET versions may require enabling strong cryptography settings.
Quick Security Checklist
Before enabling TLS 1.2:
✔ Backup the registry
✔ Install latest Windows updates
✔ Restart server after changes
✔ Verify applications support TLS 1.2
Conclusion
Enabling TLS 1.2 on Windows Server 2012 is essential for modern security standards. By updating the registry or using PowerShell, you can activate TLS 1.2 quickly and ensure your server supports secure encrypted connections.
However, since Windows Server 2012 is approaching the end of its lifecycle, consider upgrading to a newer server version for better security, performance, and long-term support.
FAQ
How do I enable TLS 1.2 on Windows Server 2012?
Open Registry Editor, navigate to SCHANNEL protocols, create TLS 1.2 Client and Server keys, set Enabled = 1 and DisabledByDefault = 0, then restart the server.
Is TLS 1.2 supported on Windows Server 2012?
Yes. Windows Server 2012 supports TLS 1.2, but it may need to be enabled manually through the registry or system updates.
Why is TLS 1.2 required?
TLS 1.2 provides strong encryption and secure communication, and most modern platforms no longer support TLS 1.0 or TLS 1.1.
Do I need to restart the server after enabling TLS 1.2?
Yes. A system restart is required for the changes to take effect.