I recently ran into an issue where a legacy VB application was trying to connect outbound with TLS 1.0. The application was moved from a Windows 2003 server to Windows server 2012 which by default uses TLS 1.2 as its highest protocol. Windows KB3140245 has more information regarding this.
It looks like some legacy applications rely on the the WinHTTP library in Windows to establish secure connections and it appears the default config on Server 2012 is to use TLS 1.0. Registry changes need to be made to enable the higher protocols.
1. Enable TLS 1.2 for WinHTTP
The below screenshot will enable TLS 1.1 and TLS 1.2 for WinHTTP.
This key needs to be present in both 32-bit and 64-bit reg key locations
Available options are:
TLS 1.1: 0x00000200
TLS 1.2: 0x00000800
TLS 1.2+1.1: 0x00000A00
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp
2. Enable the TLS 1.2 protocol on server level
HKLM SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\
Set DisabledByDefault to 0
Set Enabled to 1
