As a digital marketing consultant who manages several enterprise-level websites for the clients, any message coming from Google Search Console makes me nervous. While a lot of good things happen to the websites (like a sudden increase in the ranking), it is the bad things that usually make it to Search Console Messages.

Today I woke up to see such a message for one of the large websites managed by SpiderWorks. It is an educational portal (indiastudychannel.com) with a few million monthly visitors.

Here is the message found on Search Console as well as sent by email:

“Chrome browsers will start warning about TLS 1.0/1.1 on https://www.indiastudychannel.com/”.

And here is the detailed description provided:

To the owner of https://www.indiastudychannel.com/,

Starting January 2020, Chrome (version 79) will show a “NOT SECURE” warning for all sites that don’t support TLS 1.2 or higher. In March 2020, Chrome (version 81) will show a full page warning message for these sites. Enable TLS 1.2 or higher on your site to help protect users’ data and avoid triggering the new warning.

To fix this problem
Enable TLS 1.2 on your site

To prevent warnings from appearing when Chrome users visit your site, serve your site over a modern version of TLS (TLS 1.2 or higher). Depending on your server software (such as Apache or nginx), this may be a configuration change or a software update. These changes do not require getting a new certificate.

The message was quite clear and self-explanatory. The server runs on the old SSL version and doesn’t support the new TLS 1.2 protocol.

Google has pretty clearly explained the problem as well as provided the solution too. We just had to get it done on our Windows server.

If you received the error “Chrome browsers will start warning about TLS 1.0/1.1”, you can follow the steps below to resolve the same. Please note that our website runs on Windows server and so the steps explained below refers to the Windows Server.

If your website is running on other platforms, you may want to check the settings on your server or contact your hosting provider to enable newer versions of TLS.

How to find TLS version on your server

Before you dive into changing the settings to enable TLS 1.2, check your web server and see if it already supports the newer versions. There are multiple free tools available on the internet to check SSL/TLS support. All you have to do is, provide your domain name hosted on the server and the tool will report what versions of the SSL/TLS are supported.

I used the following tools:

  1. https://gf.dev/tls-test
  2. https://www.cdn77.com/tls-test

Both the tools do pretty much the same thing and you can use either one of them to check the TLS version of your server.

Here is a report I got when I checked our site on cdn77.com:

You can see that the above report shows the server doesn’t support TLS 1.2. That is exactly what Google complained about. Google message says that if the website doesn’t support TLS 1.2 or higher, Chrome browsers will start showing a full-page warning to the site visitors starting from January 2020. That’s the last thing any webmaster wants!

Step by step instructions to enable TLS 1.2 on IIS Web server on Windows Server

Windows Server supports TLS 1.2 or higher protocols but they are not enabled by default. We need access to the Windows registry and add a few keys to add support for TLS 1.2 on the Windows Server. If your website is running on IIS on a Windows Server, follow the instructions below to enable TLS 1.2:

  1. Login to your Windows server
  2. Open the Windows registry by running regedt32 (Go to Windows command prompt and type regedt32)
  3. Navigate to the key “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols”
  4. Check what you have under this folder. If there is no key named “TLS 1.2”, you will need to create one.
  5. Right click on “Protocols” and select “New” > “Key”. Give the name “TLS 1.2”
  6. Under the key “TLS 1.2”, create new Keys named “Client” and “Server” respectively.
  7. Under both the keys (Client and Server), create two “New” “DWORD (32 bit) Value” as shown below:
    1. “DisabledByDefault”  (Value: 0, Base: Hexadecimal)
    2. “Enable”  (Value: 1, Base: Hexadecimal)

Once you complete the above steps, restart your server for the new values to take effect.

After the server is restarted, use the previously mentioned tools to check your TLS version. If the version 1.2 is now shown as “supported”, you are all set.

You can safely ignore the warning from Google Search Console and get back to business.

Search Console doesn’t give an option to review the TLS protocol settings. So you will have to wait until Google crawl and scan the settings again and the message to disappear automatically or give you an updated message.

Did you receive the warning “Chrome (version 79) will show a “NOT SECURE” warning for all sites that don’t support TLS 1.2 or higher” for your website on Search Console? Did you use a different approach to resolve the same? Share your feedback.