TLS 1.1

Enables or disables the use of TLS 1.1. TLS 1.1 and 1.2 are without known security issues.

Changing this setting will require a restart of the computer before the setting will take effect.

Supported on: At least Windows 7
Enable Client-side TLS 1.1 (eg., Internet Explorer)
Enable policy:
Registry PathValue NameValue TypeValue
SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\ClientEnabledREG_DWORD1
SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\ClientDisabledByDefaultREG_DWORD0
Disable policy:
Registry PathValue NameValue TypeValue
SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\ClientEnabledREG_DWORD0
SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\ClientDisabledByDefaultREG_DWORD1
Enable Server-side TLS 1.1 (eg., IIS)
Enable policy:
Registry PathValue NameValue TypeValue
SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\ServerEnabledREG_DWORD1
SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\ServerDisabledByDefaultREG_DWORD0
Disable policy:
Registry PathValue NameValue TypeValue
SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\ServerEnabledREG_DWORD0
SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\ServerDisabledByDefaultREG_DWORD1

schannel.admx