The inclusion of TLS is fully dependent on whether or not your server's registry has been configured to allow TLS, and at what level of encryption.
The ability to use TLS is dependent on using IIS and is NOT supported when running the SmarterTrack, SmarterMail or SmarterStats web servers.
When access to a secured site is made via a browser, the ability of the browser to use SSL/TLS is dependent on whether the browser has been configured to use TLS 1.0, TLS 1.1, and TLS 1.2 - which are not necessarily enabled by default in most browsers.
Android devices running versions of the Android operating system lower than Android 4.4 are not capable of supporting TLS.
Whether or not a program or service can utilize the various versions of TLS is not dependent on a program, but on whether the server to which the connection is made is capable of supporting all of the TLS protocols.
Some programs and routines (like POP, IMAP, SMTP, LDAP, FTP, and IIS) require additional capabilities and code to be embedded within them, and enabled, in order to utilize the TLS protocol, but the basic TLS capabilities must first be enabled at the SERVER level.
For the benefit of those who are less informed about the issues of encryption standards: All versions of SSL have been deprecated and should have been completely disabled at the SERVER LEVEL. See: https://www.google.com/?gws_rd=ssl#q=ssl+exploit
SSL is deprecated and should no longer be in use on any server.
TLS is the replacement for SSL.
TLS 1.1 and TLS 1.2 are the only recommended protocols which should be in current use.
TLS 1.0 is a part of the TLS encryption protocol; however, where a server is also hosting a shopping cart, or other service, which directly accepts credit card payments (orders redirected to 3rd party payment systems like PayPal and Square are currently excluded), the new PCI 3.1 Security Standards mandate that TLS 1.0 be DISABLED on such servers.
Neither the disabling of SSL, nor the enabling of TLS is automatic in any server operating system.
While Microsoft pushed a patch on 12 December, 2014, that patch did not fully disable SSL and did not enable TLS on Windows Server 2003, Windows Server 2008, or Windows Server 2012.
The complete disabling of the SSL protocol requires either direct registry hacks or the use of 3rd party software to enable the new protocols and ciphers.
TLS can be enabled in Server 2003, Server 2008, and Server 2012.
- Server 2003 can ONLY be enabled for TLS 1.0, and does not support TLS 1.1 or TLS 1.2
- Server 2008 can ONLY be enabled for TLS 1.0, and does not support TLS 1.1 or TLS 1.2
- Server 2012 can be fully enabled for TLS 1.0, TLS 1.1, and TLS 1.2
Microsoft Technet provides a good starting point for learning more about which encryption protocols and ciphers are supported in Server 2008 and Server 2012 at:
Server 2003 is not mentioned at all in the article because ALL support for Server 2003 ends, promptly, at midnight on 14 July, 2015. Server 2003 is, effectively, a dead server operating system and any installations of Server 2003 should be immediately upgraded to either Server 2008 or Server 2012.
Server 2008 is currently scheduled for deprecation on 12 January, 2020.
I have written a series of articles pertaining to the required registry hacks which are available via my portal at:
While those articles contain all of the required information, for both the SECURITY PROTOCOLS and SECURITY CIPHERS, what they are, and how to enable them, either via a hack or the import of a .REG merge file, the process can be extremely confusing to even the most accomplished server operator.
Therefore, I have developed a downloadable zip file which contains two .REG merge files, which can be used for Server 2003, Server 2008, or Server 2012, and will completely patch the Windows server registry to:
- DISABLE all SSL protocols: SSL 1.0, SSL 2.0, and SSL 3.0
- ENABLE all TLS protocols: TLS 1.0, TLS 1.1, and TLS 1.2, and
- ENABLE and/or DISABLE CIPHERS which are required to:
  - MAXIMIZE the encrypting of the secured data;
  - REMOVE all of the ciphers which are no longer allowed or supported
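
Any .REG merge file can be reviewed before it is imported. The following is an added example, not the author's code and not the contents of CIPHER.ZIP: it parses a merge file's SCHANNEL protocol keys and reports where the file departs from "SSL off, TLS on" for the Server role. The `SCHANNEL\Protocols` registry path and the `Enabled` / `DisabledByDefault` value names are standard Windows settings not quoted on this page; `parse_reg`, `review` and the sample file are constructed for illustration.

```python
import re
BASE = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols"
KEY_RE = re.compile(r"^\[(-?)" + re.escape(BASE) + r"\\([^\\\]]+)\\(Server|Client)\]$", re.I)
VAL_RE = re.compile(r'^"(Enabled|DisabledByDefault)"=dword:([0-9a-f]{8})$', re.I)

def parse_reg(text):
    """Map (protocol, role) -> {value name: int} for SCHANNEL protocol keys in a .REG file.
    Files exported by regedit are UTF-16; decode them before passing the text in."""
    result, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            m = KEY_RE.match(line)
            current = None                    # values under unrelated keys are skipped
            if m:
                key = (m.group(2).upper(), m.group(3).title())
                current = result.setdefault(key, {})
                if m.group(1):                # "[-KEY]" deletes the key: OS default applies
                    current.clear()
                    current = None
        elif current is not None:
            v = VAL_RE.match(line)
            if v:
                current[v.group(1).lower()] = int(v.group(2), 16)
    return result

def review(text):
    """List where the file departs from 'SSL off, TLS on' for the Server role."""
    settings, findings = parse_reg(text), []
    for proto in ("SSL 2.0", "SSL 3.0", "TLS 1.0", "TLS 1.1", "TLS 1.2"):
        enabled = settings.get((proto, "Server"), {}).get("enabled")
        want_on = proto.startswith("TLS")
        if enabled is None:
            findings.append(f"{proto}: not set by this file (OS default applies)")
        elif bool(enabled) != want_on:
            state = "on" if want_on else "off"
            findings.append(f"{proto}: Enabled={enabled:#x}, expected {state}")
    return findings

# Constructed sample merge file, not the contents of CIPHER.ZIP.
SAMPLE = "\n".join([
    "Windows Registry Editor Version 5.00", "",
    f"[{BASE}\\SSL 2.0\\Server]", '"Enabled"=dword:00000000', '"DisabledByDefault"=dword:00000001',
    f"[{BASE}\\SSL 3.0\\Server]", '"Enabled"=dword:00000001',
    f"[{BASE}\\TLS 1.0\\Server]", '"Enabled"=dword:ffffffff',
    f"[{BASE}\\TLS 1.2\\Server]", '"Enabled"=dword:ffffffff', '"DisabledByDefault"=dword:00000000',
])

if __name__ == "__main__":
    print("\n".join(review(SAMPLE)))
```

On the constructed sample this reports that SSL 3.0 is left enabled and that TLS 1.1 is not set at all, so the operating system default would apply to it.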
In order to make the process of updating the Windows registry easier, in all versions of Windows Server: 2003, 2008, and 2012, I have created a set of two registry merge files which can be downloaded via a zipped file called "CIPHER.ZIP."
These files need to be downloaded to the SERVER which requires the updates.
Once you download the file, extract the two files from the ZIP: