I found a solution with a simple registry fix.
1) Register TSL 1.2 Protocol:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client]
"Enabled"=dword:ffffffff
"DisabledByDefault"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server]
"Enabled"=dword:ffffffff
"DisabledByDefault"=dword:00000000
2) Configure TLS 1.2 to be default in 32 bit applications:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp]
"DefaultSecureProtocols"=dword:00000800
3) Configure TLS 1.2 to be default in 64 bit applications:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp]
"DefaultSecureProtocols"=dword:00000800
4) Restart server (important for step 1)
If you need support of TLS 1.1 only then:
- On step 1) above simply change "TLS 1.2" to "TLS 1.1" and apply new registry fix
- On steps 2) and 3) above change value "00000800" to "00000200" and apply new registry fix
If you need support of both TLS 1.1 and 1.2 then
- Repeat step 1) from above two times two register both protocols
- On steps 2) and 3) use value "00000A00" (what is combination of "00000800" + "00000200")
Code for verification:
<%
Set objHttp = Server.CreateObject("WinHTTP.WinHTTPRequest.5.1")
objHttp.open "GET", "https://howsmyssl.com/a/check", False
objHttp.Send
Response.Write objHttp.responseText
Set objHttp = Nothing
%>
At the end of response you should see version of TLS used by request
"tls_version":"TLS 1.2"
upgrade winhttp.dll version to support TLS 1.1 and TLS 1.2 windows 2008 r2 and windows 7
