Can I switch SharePoint to https and do not enforce TLS 1.2?

Question

I am currently using http and I have not enabled TLS 1.2. Can I switch all web applications to https through IIS and AAM and leave the registry settings without any change (not enforcing TLS 1.2)? Is there any Microsoft guideline regarding this topic?

Answer 1

Yes you can. You simply add the AAM to the Web App in Central Admin, then modify the IIS binding.

Answer 2

Even in SharePoint/Windows 2016, TLS1.2 is not enforced by default, TLS1.0 TLS1.1 and TLS1.2 are available to clients. If you want to restrict to TLS1.2 only, you must configure some stuff. I implemented several TLS1.2 only installations and can absolutely recommend it.

Implementing SSL with TLS1.0/1.1/1.2 requires the following steps:

• Obtain a Certificate with the hostnames used in SharePoint
• Change AlternateAccessMappings in CentralAdministration
• Change Bindings in IIS-Manager
• Optional: Implement a redirect from HTTP to HTTPS
• Also remember to change several URLs inside SharePoint (Search-Center, MySite-URL in UserProfileService)
• Check content for absolute links with HTTP