I am currently having an issue enabling TLS 1.1 and 1.2 on our production customer portal site. Unfortunately, my experience with IIS is very limited (read: non-existent). Our site-development team has attempted to enable TLS on the site using a tool called IIS Crypto, but according to Qualys SSL Labs (and my personal testing using Wireshark), the server is still downgrading the protocol to SSLv3. I have been asked to assist with the process of improving site security.
The registry appears to have the necessary keys added, presumably by the IIS Crypto program, and the server has been rebooted several times. This site DOES sit behind an Imperva Web Application Firewall (managed by an external vendor). The server is running 2008 R2 with IIS 7.
Are there any other settings that could potentially be preventing TLS from working? Any help is greatly appreciated.
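
The registry check mentioned in the post, as an added example that is not part of the original post: a PowerShell script that reads the standard SCHANNEL protocol keys and reports the server-side state of each protocol. It assumes an elevated prompt on the IIS host itself; the function name `Get-SchannelServerState` is hypothetical.

```powershell
# Added example: report the server-side SCHANNEL protocol settings from the registry.
# Written to run on the PowerShell 2.0 that ships with Server 2008 R2.
$base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
$protocols = 'SSL 2.0', 'SSL 3.0', 'TLS 1.0', 'TLS 1.1', 'TLS 1.2'

function Get-SchannelServerState {
    param([string]$Protocol)

    # Each protocol has its own subkey; the "Server" subkey governs inbound connections.
    $key = Join-Path (Join-Path $base $Protocol) 'Server'
    $state = New-Object PSObject -Property @{
        Protocol          = $Protocol
        KeyPresent        = $false
        Enabled           = $null
        DisabledByDefault = $null
        Verdict           = 'no Server key: OS default applies'
    }

    if (Test-Path $key) {
        $state.KeyPresent = $true
        $values = Get-ItemProperty -Path $key
        # A value that does not exist under the key reads back as $null.
        $state.Enabled           = $values.Enabled
        $state.DisabledByDefault = $values.DisabledByDefault

        if ($null -eq $values.Enabled) {
            $state.Verdict = 'Enabled value missing: OS default applies'
        } elseif ($values.Enabled -eq 0) {
            $state.Verdict = 'disabled'
        } elseif ($values.DisabledByDefault -eq 1) {
            $state.Verdict = 'enabled, but DisabledByDefault=1'
        } else {
            $state.Verdict = 'enabled'
        }
    }
    return $state
}

# On Server 2008 R2, TLS 1.1 and TLS 1.2 are off unless these keys turn them on.
$protocols | ForEach-Object { Get-SchannelServerState $_ } |
    Select-Object Protocol, KeyPresent, Enabled, DisabledByDefault, Verdict |
    Format-Table -AutoSize
```

The output describes only what the server's own registry says; it does not show what any device in front of the server negotiates with clients.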