Enable TLS 1.2 without enabling FIPS policy

Question

I am trying to enable TLS 1.2 on Windows Server 2012 R2.

For this I have upgraded my SQL Server 2012 SP2 to 11.2.5678.0. Also, I have performed the following in regedit:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft.NETFramework\v4.0.30319] SchUseStrongCrypto=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft.NETFramework\v4.0.30319] SchUseStrongCrypto=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols]

TLS 1.1 -> Client -> DisabledByDefault= dword:00000000

TLS 1.1 -> Client -> Enabled= dword:00000001

TLS 1.2 -> Client -> DisabledByDefault= dword:00000000

TLS 1.2 -> Client -> Enabled= dword:00000001

TLS 1.1 -> Server -> DisabledByDefault= dword:00000000

TLS 1.1 -> Server -> Enabled= dword:00000001

TLS 1.2 -> Server -> DisabledByDefault= dword:00000000

TLS 1.2 -> Server -> Enabled= dword:00000001

Also, I have upgraded .Net Framework Version to 4.6.

I still find the following issue in Event Logs:

A fatal error occurred while creating an SSL client credential. The internal error state is 10013.

The only solution that I find on portals is to enable the local security policy “System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing” I don’t want to enable this policy. Can anyone please help me in upgrading TLS to TLS v1.2 without enabling the above policy and let me know if I have missed something.

I know this question is old, and I'm wondering if you solved the problem. I'm facing same issue. — Swisher Sweet, Jul 12 '18 at 02:29
A solution for some that I came across searching: https://stackoverflow.com/questions/33976684/is-fips-compliance-required-for-tls-1-2-communication-in-windows — Stuart Buck, Jan 25 '19 at 10:26

Enable TLS 1.2 without enabling FIPS policy

0 Answers0