Follow these steps:

  1. Ensure that TLS 1.2 is enabled on the Windows client.
    • Windows 8.1, Windows Server 2012 R2, Windows 10, Windows Server 2016, and later versions of Windows natively support TLS 1.2 for client-server communications over WinHTTP.
    • Earlier versions of Windows, such as Windows 7 or Windows Server 2012, don't enable TLS 1.1 or TLS 1.2 by default for secure communications using WinHTTP. For these earlier versions of Windows, install Update 3140245 and then manually set the registry value that adds TLS 1.1 and TLS 1.2 to the default secure protocols list for WinHTTP.
  2. For the database: by default, the SLIM installer includes SQL Express 2008 R2 SP2 (version 10.50.4000), which doesn't support TLS 1.2. Follow these steps:
    1. Upgrade the SQL Express database to SP3 to support TLS 1.2. You may download SP3 here.
    2. Apply the TLS 1.2 SQL support patch.
    3. For a remote database, make sure to apply the instructions in this Microsoft KB.
  3. The SLIM installer also includes PHP CGI version 5.3.29, which doesn't support TLS 1.2 either. Upgrade PHP to version 5.5 or 5.6 to support TLS 1.2. Follow the procedure in Upgrading PHP on Windows.
  4. Enable TLS 1.2 and disable TLS 1.0/1.1 on the SLIM server.
    1. Enable TLS 1.2 by following this Microsoft best practices guide to disable TLS 1.0, in the section Configuring Schannel protocols in the Windows Registry.
    2. Enable strong crypto by following this Microsoft best practices guide to enable Strong Crypto, in the section Configuring security via the Windows Registry.
    3. Disable the 3DES and RC4 ciphers by following this Microsoft best practices guide to disable 3DES and RC4, in the section SCHANNEL\Ciphers subkey.
    4. Restart the SLIM Server.
  5. After SLIM enforces TLS 1.2 only, verify the following:
    1. Registration of the Safe Lock Agent to SLIM with TLS 1.2 is successful, and the IM send command to the Agent is completed.
    2. The web console and dashboard are both working as well.
    3. Test the TLS connection to the SLIM server on ports 443/8000/8001 with Nmap.
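
One way to script steps 4.1 to 4.3, added here as an example; it is not taken from Trend Micro or from the linked Microsoft guides, which are not reproduced on this page. It assumes the standard Schannel and .NET Framework 4.x registry values documented by Microsoft, and the helper name `Set-Dword` is hypothetical.

```powershell
# Added example; run from an elevated PowerShell prompt on the SLIM server.
# Assumption: standard Schannel / .NET registry values documented by Microsoft.
$schannel = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL'

# Hypothetical helper: create the key if missing, then write a DWORD value.
function Set-Dword($Path, $Name, [int]$Value) {
    if (-not (Test-Path $Path)) { New-Item -Path $Path -Force | Out-Null }
    New-ItemProperty -Path $Path -Name $Name -Value $Value `
        -PropertyType DWord -Force | Out-Null
}

# Step 4.1: TLS 1.2 on, TLS 1.0/1.1 off. The Server role covers inbound
# connections; the Client role covers connections the server itself makes
# (for example to a remote database, step 2).
$protocols = @{ 'TLS 1.0' = 0; 'TLS 1.1' = 0; 'TLS 1.2' = 1 }
foreach ($proto in $protocols.Keys) {
    foreach ($role in 'Server', 'Client') {
        $key = "$schannel\Protocols\$proto\$role"
        Set-Dword $key 'Enabled' $protocols[$proto]
        Set-Dword $key 'DisabledByDefault' (1 - $protocols[$proto])
    }
}

# Step 4.2: make .NET Framework 4.x applications (32- and 64-bit) use strong crypto.
foreach ($net in 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319',
                 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319') {
    Set-Dword $net 'SchUseStrongCrypto' 1
}

# Step 4.3: disable RC4 and 3DES. These key names contain "/", which the
# PowerShell registry provider treats as a path separator, so create them
# through the .NET registry API instead of New-Item.
$ciphers = [Microsoft.Win32.Registry]::LocalMachine.CreateSubKey(
    'SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers')
foreach ($name in 'RC4 40/128', 'RC4 56/128', 'RC4 64/128', 'RC4 128/128',
                  'Triple DES 168') {
    $sub = $ciphers.CreateSubKey($name)
    $sub.SetValue('Enabled', 0, [Microsoft.Win32.RegistryValueKind]::DWord)
    $sub.Close()
}
$ciphers.Close()

# Read the protocol settings back before the restart in step 4.4.
Get-ChildItem "$schannel\Protocols" -Recurse | ForEach-Object {
    $p = Get-ItemProperty -Path $_.PSPath
    if ($null -ne $p.Enabled) {
        '{0,-20} Enabled={1} DisabledByDefault={2}' -f `
            ($_.Name -replace '^.*Protocols\\'), $p.Enabled, $p.DisabledByDefault
    }
}
```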