7.6 Ensure TLS 1.2 is enabled

Information

TLS 1.2 is the most recent and mature protocol for protecting the confidentiality and integrity of HTTP traffic. Enabling TLS 1.2 is recommended. This protocol is enabled by default if the registry key is not present. As with any registry change, a reboot is required for changes to take effect.

Rationale:

Enabling this protocol will help ensure the confidentiality and integrity of data in transit.

Solution

Perform the following to enable TLS 1.2:
1. Check to see if the following key exists. If it doesn't, TLS 1.2 is enabled by default. If it does, you can delete it or follow step 2.

HKLM\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\

2. If the key exists, set the following registry value to 0xFFFFFFFF:

HKLM\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server\Enabled
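
The two steps above as a PowerShell check, added here as an example and not part of the benchmark text. The function name `Test-Tls12ServerEnabled` and the `-Remediate` switch are hypothetical; the script assumes an elevated session when `-Remediate` is used.

```powershell
# Added example: audit (and optionally remediate) the SCHANNEL TLS 1.2 server setting.
# Test-Tls12ServerEnabled and -Remediate are hypothetical names chosen for this example.
function Test-Tls12ServerEnabled {
    [CmdletBinding()]
    param([switch]$Remediate)

    $protocolKey = 'HKLM:\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2'
    $serverKey   = Join-Path $protocolKey 'Server'

    # Step 1: if the protocol key is absent, TLS 1.2 is enabled by default.
    if (-not (Test-Path -LiteralPath $protocolKey)) {
        return [pscustomobject]@{ Compliant = $true; Enabled = $null; Detail = 'Key absent: enabled by default' }
    }

    # Step 2: the key exists, so Server\Enabled must be 0xFFFFFFFF.
    $raw = $null
    if (Test-Path -LiteralPath $serverKey) {
        $raw = (Get-ItemProperty -LiteralPath $serverKey -Name 'Enabled' -ErrorAction SilentlyContinue).Enabled
    }

    # The DWORD can come back signed (-1) or unsigned (4294967295); normalise to 32 unsigned bits.
    $value = if ($null -ne $raw) { ([int64]$raw) -band ([int64]4294967295) } else { $null }
    $compliant = ($value -eq 4294967295)

    if (-not $compliant -and $Remediate) {
        if (-not (Test-Path -LiteralPath $serverKey)) { New-Item -Path $serverKey -Force | Out-Null }
        # The PowerShell literal 0xFFFFFFFF is Int32 -1, which is stored as DWORD 0xFFFFFFFF.
        New-ItemProperty -LiteralPath $serverKey -Name 'Enabled' -PropertyType DWord -Value 0xFFFFFFFF -Force | Out-Null
        return [pscustomobject]@{ Compliant = $true; Enabled = '0xFFFFFFFF'; Detail = 'Value set; reboot required' }
    }

    $shown = if ($null -ne $value) { '0x{0:X8}' -f $value } else { '(not set)' }
    [pscustomobject]@{
        Compliant = $compliant
        Enabled   = $shown
        Detail    = if ($compliant) { 'Server\Enabled is 0xFFFFFFFF' } else { 'Key exists but Server\Enabled is not 0xFFFFFFFF' }
    }
}

Test-Tls12ServerEnabled
```

Run without `-Remediate` first to record the current state; a changed value only takes effect after the reboot noted above.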

See Also

https://workbench.cisecurity.org/benchmarks/14293

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-13

Plugin: Windows

Control ID: a8b0399e188142b8968e27d808a47b11888738d5901a9320d2f7f706b014e146