Disable TLS 1.0 And 1.1 On Windows Server.

If you have a business need to disable these protocols on the engine servers in your environment, below is a snippet of the required registry changes. Be aware that once they are disabled, you should have no reasonable expectation that the engine server can interact with target systems that still use these protocols.

TLS 1.0

This subkey controls the use of TLS 1.0.

Applicable versions: As designated in the Applies To list that is at the beginning of this topic.

Registry path: HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols

To disable the TLS 1.0 protocol, create an Enabled entry in the appropriate subkey. This entry does not exist in the registry by default. After you have created the entry, change the DWORD value to 0. To enable the protocol, change the DWORD value to 1.

TLS 1.0 subkey table

Subkey             Description                                  Default
Client             Controls the use of TLS 1.0 on the client.   Enabled
Server             Controls the use of TLS 1.0 on the server.   Enabled
DisabledByDefault  Flag to disable TLS 1.0 by default.          Enabled

TLS 1.1

This subkey controls the use of TLS 1.1.

Applicable versions: As designated in the Applies To list that is at the beginning of this topic excluding those versions prior to Windows Server 2008 R2 and Windows 7.

Registry path: HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols

To disable the TLS 1.1 protocol, create an Enabled entry in the appropriate subkey. This entry does not exist in the registry by default. After you have created the entry, change the DWORD value to 0. To enable the protocol, change the DWORD value to 1.

TLS 1.1 subkey table

Subkey             Description                                  Default
Client             Controls the use of TLS 1.1 on the client.   Enabled
Server             Controls the use of TLS 1.1 on the server.   Enabled
DisabledByDefault  Flag to disable TLS 1.1 by default.          Enabled
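
The TLS 1.0 and TLS 1.1 steps above, combined into one PowerShell script with a read-back check. This is an added example, not part of the original post. It assumes an elevated session; the backup file path and variable names are illustrative, and setting DisabledByDefault to 1 goes beyond the page's Enabled step, using the flag listed in the subkey tables.

```powershell
# Added example: set Enabled = 0 for TLS 1.0 and TLS 1.1 (Client and Server),
# then read the values back to confirm what the registry now holds.
$schannel  = 'HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL'
$base      = "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols"
$protocols = 'TLS 1.0', 'TLS 1.1'
$roles     = 'Client', 'Server'

# Keep a copy of the current SCHANNEL settings so the change can be rolled back.
# The output path is an assumption; pick a location that suits your environment.
reg.exe export $schannel "$env:TEMP\schannel-before.reg" /y | Out-Null

foreach ($protocol in $protocols) {
    foreach ($role in $roles) {
        $key = Join-Path (Join-Path $base $protocol) $role

        # The protocol subkeys do not exist by default; create them if missing.
        if (-not (Test-Path -LiteralPath $key)) {
            New-Item -Path $key -Force | Out-Null
        }

        # Enabled = 0 disables the protocol, as described on the page.
        New-ItemProperty -Path $key -Name 'Enabled' -Value 0 `
            -PropertyType DWord -Force | Out-Null

        # Assumption beyond the page's step: also set the DisabledByDefault flag.
        New-ItemProperty -Path $key -Name 'DisabledByDefault' -Value 1 `
            -PropertyType DWord -Force | Out-Null
    }
}

# Read back every key and report any that are not disabled.
$report = foreach ($protocol in $protocols) {
    foreach ($role in $roles) {
        $key   = Join-Path (Join-Path $base $protocol) $role
        $props = Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Protocol          = $protocol
            Role              = $role
            Enabled           = $props.Enabled
            DisabledByDefault = $props.DisabledByDefault
        }
    }
}
$report | Format-Table -AutoSize

$notDisabled = $report | Where-Object { $_.Enabled -ne 0 }
if ($notDisabled) { Write-Warning 'Some protocol keys are still enabled or missing.' }
```

Plan a restart before testing connectivity, since Schannel protocol changes are generally not picked up until the server reboots.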

 
