My company wants to stop using all encryption protocols except TLS 1.2. I have 2008 R2 DCs with SSL 2/3 disabled, but currently with TLS 1.0, 1.1 and 1.2 enabled. I have Windows 2008 R2 and 2012 Standard member servers, also with SSL disabled and the three TLS versions enabled. I am now testing performing SLDAP connections (using LDP.exe) from those clients to those DCs. In testing, at this point I am only disabling/enabling the encryption protocols on the client servers, not the DCs. The connections are only successful as long as TLS 1.0 is enabled. If I disable TLS 1.0, but leave TLS 1.1 and/or TLS 1.2 enabled, the connection fails.
All Ciphers/Hashes have been left at their default install state, and obviously I have a valid DC certificate on the DC.
Can anyone help me understand why, and help me achieve the goal of having only TLS 1.2 enabled on the DCs and the client/member servers?
Tony Auby
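A check that helps narrow down a failure like the one described above, as an added example that is not part of the original post: it audits the SCHANNEL protocol keys on the local server (both `Client` and `Server` roles, since each needs its own `Enabled`/`DisabledByDefault` values) and then attempts an LDAPS handshake to a DC restricted to one TLS version at a time. It assumes .NET 4.5 or later on the probing machine (needed for the `Tls11`/`Tls12` enum values) and uses `dc01.example.local` as a placeholder DC name.

```powershell
# Added example (not from the original post): audit SCHANNEL protocol settings locally
# and probe a DC's LDAPS endpoint one TLS version at a time.
# 'dc01.example.local' is an assumed placeholder for the domain controller's FQDN.

$base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'

function Get-SchannelProtocolState {
    # Report Enabled / DisabledByDefault for every protocol and role key that exists.
    # An absent value is shown as '(default)'. On Windows 7 / 2008 R2 the built-in
    # default for TLS 1.1 and TLS 1.2 is disabled, so a protocol is only reliably
    # usable when Enabled=1 and DisabledByDefault=0 are both set for the role in use.
    foreach ($proto in 'SSL 2.0','SSL 3.0','TLS 1.0','TLS 1.1','TLS 1.2') {
        foreach ($role in 'Client','Server') {
            $key   = Join-Path $base "$proto\$role"
            $props = if (Test-Path $key) { Get-ItemProperty -Path $key } else { $null }
            [pscustomobject]@{
                Protocol          = $proto
                Role              = $role
                Enabled           = if ($props -and $null -ne $props.Enabled) { $props.Enabled } else { '(default)' }
                DisabledByDefault = if ($props -and $null -ne $props.DisabledByDefault) { $props.DisabledByDefault } else { '(default)' }
            }
        }
    }
}

function Test-LdapsProtocol {
    # Connect to port 636 and run a TLS handshake limited to a single protocol
    # version, so the outcome reflects only whether both sides accept that version.
    param(
        [Parameter(Mandatory)] [string] $DcName,
        [System.Security.Authentication.SslProtocols] $Protocol = 'Tls12'
    )
    $client = New-Object System.Net.Sockets.TcpClient($DcName, 636)
    try {
        # Certificate validation stays on: the DC certificate must chain to a trusted CA.
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false)
        $ssl.AuthenticateAsClient($DcName, $null, $Protocol, $true)
        [pscustomobject]@{ Requested = $Protocol; Negotiated = $ssl.SslProtocol; Cipher = $ssl.CipherAlgorithm; Result = 'OK' }
    } catch {
        [pscustomobject]@{ Requested = $Protocol; Negotiated = $null; Cipher = $null; Result = $_.Exception.GetBaseException().Message }
    } finally {
        $client.Close()
    }
}

Get-SchannelProtocolState | Format-Table -AutoSize
foreach ($p in 'Tls','Tls11','Tls12') { Test-LdapsProtocol -DcName 'dc01.example.local' -Protocol $p }
```

Because SslStream also goes through SCHANNEL, run the probe from a machine whose own `Client` keys allow the version being tested; a failure for `Tls12` alone then points at the DC side (its `TLS 1.2\Server` key or missing updates), while a failure for all three points at the client.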