WINDOWS 2012 R2 AND WINDOWS 2008 R2
In my case, I have a simple website which has it’s own sub-application (not just a virtual folder) which uses the DefaultAppPool which, in turn, uses .NET v4.0:
This particular app creates outbound HTTPS requests and gets an answer, as well as content. With the standard, out of the box installation, the connection will fail and be rejected because the host server is only set to allow TLS 1.1. and higher connections.
We need to tell Windows to allow higher connections and, in fact, default to them.
Ready? It is so easy:
Open regedit. There are two places you need to add a key to get get strong cryptography:
HKEY_LOCAL_MACHINE > SOFTWARE > Microsoft > .NETFramework > v4.0.30319
HKEY_LOCAL_MACHINE > SOFTWARE > Wow6432Node > Microsoft > .NETFramework > v4.0.30319
The new DWORD to add: SchUseStrongCrypto
And it’s value: 1 (or as it appears 00000001)
As you can see below, I have exported the keys with the new values added. AspNetEnforceViewStateMac is the default key that already exists.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319] "AspNetEnforceViewStateMac"=dword:00000001 "SchUseStrongCrypto"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319] "AspNetEnforceViewStateMac"=dword:00000001 "SchUseStrongCrypto"=dword:00000001
Note: this appears to be a parent configuration for all the SKUs keys beneath this folder. I have NOT tested with other versions of .NET that are in the SKUs key folder. If something fails, simply add the key to each one you are using.
Here are some images to help you along:
Have SchUseStrongCrypto already copied and ready to CTRL+v before you begin. Open regedit and scroll down to the first key HKEY_LOCAL_MACHINE > SOFTWARE > Microsoft > .NETFramework > v4.0.30319. Right click > New > DWORD (32-bit) Value. Paste SchUseStrongCrypto into where it says “New Value #1”. If you make a mistake, just delete the key, then try again.
Then right click > Modify.
Then simply change the default value of 0 to 1 and click Ok.
Restart the machine.