Enabling TLS 1.1 and 1.2 in IIS

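I have mostly been maintaining websites on CentOS lately, but an application requirement meant bringing up a Windows host, managed with the BaoTa (宝塔) control panel and with IIS installed. The site has to serve a WeChat mini program (this resolves the "WeChat mini program TLS version must be greater than or equal to 1.2" problem; I have tested it myself and it works), and access to the application requires TLS 1.1 and 1.2 to be enabled. Without the right method you can take a lot of wrong turns, so I am saving the steps here for future use.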

[Image: TLS 1.2]

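First confirm that the system supports TLS 1.2, then carry out the following steps (if it does not, upgrade the system to a version that does):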


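On Windows 2008 R2, when configuring SSL for mini program development, an error reports that the mini program's TLS version must be greater than or equal to 1.2.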


Solution:


First make a backup by exporting the values under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols, as shown:

[Screenshot: saving the registry]


Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\Multi-Protocol Unified Hello]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\Multi-Protocol Unified Hello\Client]
"Enabled"=dword:00000000
"DisabledByDefault"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\Multi-Protocol Unified Hello\Server]
"Enabled"=dword:00000000
"DisabledByDefault"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\PCT 1.0]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\PCT 1.0\Client]
"Enabled"=dword:00000000
"DisabledByDefault"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\PCT 1.0\Server]
"Enabled"=dword:00000000
"DisabledByDefault"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Client]
"DisabledByDefault"=dword:00000001
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server]
"Enabled"=dword:00000000
"DisabledByDefault"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Client]
"Enabled"=dword:00000000
"DisabledByDefault"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server]
"Enabled"=dword:00000000
"DisabledByDefault"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client]
"Enabled"=dword:00000001
"DisabledByDefault"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server]
"Enabled"=dword:00000001
"DisabledByDefault"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server]
"Enabled"=dword:00000001
"DisabledByDefault"=dword:00000000


[Screenshot: backup .reg file]

If there are problems after rebooting, simply restore from the backed-up old.reg.
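
To confirm after the reboot that the registry really holds the intended state, the following PowerShell check can be run. It is an added example, not part of the original post. The expected table mirrors the .reg file above (including TLS 1.0 left enabled); the function name Get-SchannelValue and the status labels are made up for this example.

```powershell
# Added example (not from the original post). Written for PowerShell 2.0,
# the version that ships with Windows Server 2008 R2.
$base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'

# Expected state copied from the .reg file on this page: 1 = enabled, 0 = disabled.
$expected = @{
    'Multi-Protocol Unified Hello' = 0; 'PCT 1.0' = 0; 'SSL 2.0' = 0; 'SSL 3.0' = 0
    'TLS 1.0' = 1; 'TLS 1.1' = 1; 'TLS 1.2' = 1
}

function Get-SchannelValue([string]$Path, [string]$Name) {
    # Returns the DWORD, or $null when the key or the value does not exist.
    if (-not (Test-Path -Path $Path)) { return $null }
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

$report = foreach ($proto in ($expected.Keys | Sort-Object)) {
    foreach ($role in 'Client', 'Server') {
        $key     = Join-Path (Join-Path $base $proto) $role
        $enabled = Get-SchannelValue $key 'Enabled'
        $dbd     = Get-SchannelValue $key 'DisabledByDefault'
        $want    = [bool]$expected[$proto]

        if ($null -eq $enabled -or $null -eq $dbd) {
            # A missing value means Schannel uses the operating system default.
            $status = 'NOT SET (OS default applies)'
        } elseif ((($enabled -ne 0) -eq $want) -and (($dbd -ne 0) -ne $want)) {
            # Any non-zero Enabled counts as on; DisabledByDefault must be the opposite.
            $status = 'OK'
        } else {
            $status = 'MISMATCH'
        }
        New-Object PSObject -Property @{
            Protocol = $proto; Role = $role; Enabled = $enabled
            DisabledByDefault = $dbd; Status = $status
        }
    }
}

$report | Select-Object Protocol, Role, Enabled, DisabledByDefault, Status | Format-Table -AutoSize
$bad = @($report | Where-Object { $_.Status -ne 'OK' })
if ($bad.Count -gt 0) { Write-Warning "$($bad.Count) entries differ from the intended configuration." }
```

The script only reads the configured registry values; it does not test which protocol version a client actually negotiates with IIS.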

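Liu Rang's Blog. All rights reserved. Unless otherwise noted, all content is original. This site is licensed under BY-NC-SA; when reposting, please cite the permanent link to this article.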