We have a need to identify applications that are using the TLS 1.0 and 1.1 protocols for secure LDAP so that we can approach the owner to update or upgrade and force 1.2. I would like to set up TLS 1.2 as the preferred protocol without disabling the others, and audit the SCHANNEL connections, looking for the lower versions.
I know this is negotiated, but where the client supports all versions, I want to make sure they choose 1.2 above 1.1 or 1.0. Is there a way to set this up in that fashion? Can the order be changed so that, when negotiated, if the client supports the stronger version, it is chosen over the less secure versions?