Disable TLS 1.0 and 1.1 on Windows Server
If you have a business need to disable these protocols on the engine servers in your environment, below are the registry changes you will need to make. Be aware that once the protocols are disabled, you should have no reasonable expectation that the engine server can interact with target systems that still use them.
TLS 1.0
This subkey controls the use of TLS 1.0.
Applicable versions: As designated in the Applies To list that is at the beginning of this topic.
Registry path: HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols
To disable the TLS 1.0 protocol, create an Enabled entry in the appropriate subkey. This entry does not exist in the registry by default. After you have created the entry, change the DWORD value to 0. To enable the protocol, change the DWORD value to 1.
TLS 1.0 subkey table
Subkey | Description | Default |
---|---|---|
Client | Controls the use of TLS 1.0 on the client. | Enabled |
Server | Controls the use of TLS 1.0 on the server. | Enabled |
DisabledByDefault | Flag to disable TLS 1.0 by default. | Enabled |
TLS 1.1
This subkey controls the use of TLS 1.1.
Applicable versions: As designated in the Applies To list that is at the beginning of this topic excluding those versions prior to Windows Server 2008 R2 and Windows 7.
Registry path: HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols
To disable the TLS 1.1 protocol, create an Enabled entry in the appropriate subkey. This entry does not exist in the registry by default. After you have created the entry, change the DWORD value to 0. To enable the protocol, change the DWORD value to 1.
TLS 1.1 subkey table
Subkey | Description | Default |
---|---|---|
Client | Controls the use of TLS 1.1 on the client. | Enabled |
Server | Controls the use of TLS 1.1 on the server. | Enabled |
DisabledByDefault | Flag to disable TLS 1.1 by default. | Enabled |
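The steps in the TLS 1.0 and TLS 1.1 sections above, as an added PowerShell example that is not part of the original article: it creates the Enabled DWORD under the Client and Server subkeys of each protocol and then reads the values back for an audit. The function names Set-SchannelProtocol and Get-SchannelProtocol are hypothetical, and the script assumes the protocol keys under Protocols are named "TLS 1.0" and "TLS 1.1", the standard SCHANNEL key names.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original article). Function names are hypothetical.
$Base  = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
$Roles = 'Client', 'Server'

function Set-SchannelProtocol {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][ValidateSet('TLS 1.0', 'TLS 1.1')][string]$Protocol,
        [Parameter(Mandatory)][bool]$Enabled
    )
    $dword = [int]$Enabled   # 0 = disabled, 1 = enabled
    foreach ($role in $Roles) {
        $key = "$Base\$Protocol\$role"
        if ($PSCmdlet.ShouldProcess($key, "Set Enabled=$dword")) {
            # The key may not exist yet; -Force also creates missing parent keys.
            if (-not (Test-Path -LiteralPath $key)) { New-Item -Path $key -Force | Out-Null }
            New-ItemProperty -LiteralPath $key -Name 'Enabled' -PropertyType DWord `
                -Value $dword -Force | Out-Null
        }
    }
}

function Get-SchannelProtocol {
    param([string[]]$Protocol = @('TLS 1.0', 'TLS 1.1'))
    foreach ($p in $Protocol) {
        foreach ($role in $Roles) {
            $key = "$Base\$p\$role"
            # A missing key or value means the operating system default applies.
            $value = (Get-ItemProperty -LiteralPath $key -Name 'Enabled' `
                -ErrorAction SilentlyContinue).Enabled
            [pscustomobject]@{
                Protocol = $p
                Role     = $role
                Enabled  = if ($null -eq $value) { 'not set (OS default)' } else { $value }
            }
        }
    }
}

# Disable both protocols for the Client and Server roles, then audit the result.
Set-SchannelProtocol -Protocol 'TLS 1.0' -Enabled $false
Set-SchannelProtocol -Protocol 'TLS 1.1' -Enabled $false
Get-SchannelProtocol | Format-Table -AutoSize
```

Add `-WhatIf` to the Set-SchannelProtocol calls to preview the keys that would be written without changing them. Schannel protocol changes generally take effect only after a restart, so reboot the server before re-testing connectivity to target systems.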