Enable TLS 1.1/1.2 on Windows Vista

Windows Vista does not properly support TLS 1.1 and TLS 1.2 HTTPS connections. This can cause issues not just with the built-in Internet Explorer web browser, but also with any apps that rely on the Windows networking components when connecting to servers configured to accept only TLS 1.1+ connections. These steps will allow you to enable TLS 1.1 and 1.2 on Windows Vista using the KB4056564 update patch for Windows Server 2008. They are an updated version of the steps outlined in this forum post on MSFN.

Warnings

  • These instructions and files are provided without warranty. Use them at your own risk. They may violate your license depending on your local laws.
  • .REG files update your Windows registry. Incorrect changes to the registry may damage Windows or other installed software. Be sure you know what a given .REG file contains before merging it into the registry.
  • These instructions and files are unsupported. Please do not contact me with questions on their use.

Installation and update directions

  1. Open Windows Update and ensure you have applied all Critical and Important updates released for Windows Vista up to its end of life.
  2. Visit the KB4056564 page in the Microsoft Update Catalog.
  3. Click the Download button next to either "2018-05 Security Update for Windows Server 2008 for x86-based Systems (KB4056564)" or "2018-05 Security Update for Windows Server 2008 for x64-based Systems (KB4056564)" depending on whether your copy of Windows Vista is 32-bit or 64-bit. If you are unsure which your version of Windows Vista is, right-click My Computer in Windows Explorer and it will show in the details.
  4. Run the downloaded windows6.0-kb4056564-v2-x86_1cf1b27424b4017e5f1341d88b42c463a62e1ac8.msu (or x64) file and follow the prompts to install the patch.
  5. Restart your computer.
  6. Download this .reg file: vista-tls-1.1-1.2-update.reg
  7. Double-click the .reg file and allow it to merge into the Windows registry. (For the curious, this removes version-specific information from the CRYPTO\TLS1.1 and CRYPTO\TLS1.2 keys, allowing the options to display in Internet Options.)
  8. Open Internet Options from the Control Panel, or from within Internet Explorer by clicking the gear icon and selecting Internet Options.
  9. Click the Advanced tab.
  10. Scroll all the way down and check the boxes next to TLS 1.1 and TLS 1.2.
  11. Click OK.
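
The warning above says to know what a .REG file contains before merging it, and step 7 merges one. As an added example (not part of the original page or its download), this Python script lists every key and value a .reg file would create, set or delete; the sample data, key paths and value names in it are constructed placeholders.

```python
import re
import sys

# Constructed sample in .reg syntax. The key paths and value names are
# placeholders, NOT the contents of vista-tls-1.1-1.2-update.reg.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\ExampleVendor\ExampleKey]
"ExampleVersionValue"=-
"ExampleFlag"=dword:00000001
@="default text"

[-HKEY_LOCAL_MACHINE\SOFTWARE\ExampleVendor\OldKey]
'''

VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")\s*=\s*(.*)$')

def decode_reg(raw: bytes) -> str:
    """Version 5.00 exports are UTF-16LE with a BOM; REGEDIT4 files are ANSI."""
    if raw.startswith(b"\xff\xfe"):
        return raw.decode("utf-16")
    return raw.decode("cp1252", errors="replace")

def summarize(text: str):
    """Return (action, key, value_name, data) for each change the file would make."""
    ops, key = [], None
    text = re.sub(r"\\\r?\n[ \t]*", "", text)  # join hex: continuation lines
    for line in (l.strip() for l in text.splitlines()):
        if not line or line.startswith((";", "Windows Registry Editor", "REGEDIT4")):
            continue
        if line.startswith("[-") and line.endswith("]"):
            key = None  # "[-key]" removes the whole key and its subkeys
            ops.append(("DELETE KEY", line[2:-1], None, None))
        elif line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            ops.append(("OPEN/CREATE KEY", key, None, None))
        elif key and (m := VALUE_RE.match(line)):
            name = "(Default)" if m.group(1) == "@" else m.group(1)[1:-1]
            data = m.group(2)  # a bare "-" after "=" deletes the value
            action = "DELETE VALUE" if data == "-" else "SET VALUE"
            ops.append((action, key, name, None if data == "-" else data))
        else:
            ops.append(("UNPARSED", key, None, line))  # review these by hand
    return ops

if __name__ == "__main__":
    text = decode_reg(open(sys.argv[1], "rb").read()) if len(sys.argv) > 1 else SAMPLE_REG
    for action, key, name, data in summarize(text):
        print(action, key, name or "", data or "")
```

Run it with the path to the downloaded .reg file as the only argument; with no argument it prints the summary for the constructed sample.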

You should now be able to connect to TLS 1.1 and TLS 1.2 secured websites. Note that Internet Explorer will still have issues displaying most modern websites, and most are no longer tested for compatibility with Internet Explorer 9.