• Home
  • |
  • Blog
  • |
  • How to Disable TLS 1.0 and TLS 1.1 on Windows Server?
How to Disable TLS 1.0 and TLS 1.1 on Windows Server

How to Disable TLS 1.0 and TLS 1.1 on Windows Server?

Growing trends in cyber attacks made system administrators implement more secure communication protocols to protect their assets and network from attacks. TLS plays a vital role in the implementation stack. TLS is a critical security protocol that is used to encrypt communications between clients and servers. TLS 1.2 and TLS 1.3 are the two latest versions of the Transport Layer Security (TLS) protocol and offer many advantages over their previous versions. TLS 1.2 is the most widely used version of the TLS protocol, but TLS 1.3 is gaining popularity because of its efficiency and speed. As a system administrator, you should enable TLS 1.2 and TLS 1.3 on your Windows Server to enhance the security of your infrastructure, but wait, that’s not enough. You should disable TLS 1.0 and TLS 1.1 on Windows Server as they are deprecated for their weak security.

Before learning how to disable TLS 1.0 and TLS 1.1 on your Windows Server, let’s see about TLS 1.0 and TLS 1.1 and why you should disable TLS 1.0 and TLS 1.1 on your Windows Server

A Short Note About TLS 1.0 and TLS 1.1:

The Transport Layer Security (TLS) protocols are cryptographic protocols that provide communication security over the Internet. TLS 1.0 and TLS 1.1 are the two previous versions of the TLS protocol.

TLS 1.0 was first defined in 1999, and TLS 1.1 was published as an update to TLS 1.0 in 2006. TLS 1.0 and TLS 1.1 are now considered to be obsolete, and they are no longer considered secure.

Why You Should Disable TLS 1.0 and TLS 1.1 on Windows Server?

There are a few reasons why you should disable TLS 1.0 and TLS 1.1 on Windows Server:

  1. TLS 1.0 and TLS 1.1 are no longer considered secure, due to the fact that they are vulnerable to various attacks, such as the POODLE attack.
  2. Disabling TLS 1.0 and TLS 1.1 on your server will force clients to use a more secure protocol (TLS 1.2), which is less vulnerable to attack.
  3. Some government agencies, such as the US National Security Agency (NSA), have recommended that TLS 1.0 and TLS 1.1 be disabled.
  4. Microsoft will no longer provide security updates for Windows Server running TLS 1.0 and TLS 1.1.
  5. Many major software vendors are phasing out support for TLS 1.0 and TLS 1.1. This includes Google, Microsoft, Mozilla, and Apple.

Attacks TLS 1.0 and TLS 1.1 are vulnerable to:

There are a number of known vulnerabilities in TLS 1.0 and TLS 1.1 that can be exploited by attackers. These include:

  1. POODLE (Padding Oracle On Downgraded Legacy Encryption)
  2. BEAST (Browser Exploit Against SSL/TLS)
  3. CRIME (Compression Ratio Info-leak Made Easy)
  4. FREAK (Factoring Attack on RSA-EXPORT Keys)
  5. LOGJAM (Diffie-Hellman Key Exchange Weakness)

These vulnerabilities allow attackers to perform man-in-the-middle attacks, decrypt sensitive information, and hijack user sessions. By disabling TLS 1.0 and TLS 1.1 on your Windows server, you can protect yourself from these attacks.

What is the Alternate to TLS 1.0 and TLS 1.1?

The current version of the TLS protocol is TLS 1.3. TLS 1.3 was first defined in 2018, and it includes a number of security improvements over previous versions of the TLS protocol. We suggest you to enable TLS 1.2 and TLS 1.3 on your Windows Server instead of TLS 1.0 and TLS 1.1.

TLS 1.2 improves upon TLS 1.1 by adding support for Elliptic Curve Cryptography (ECC) and introducing new cryptographic suites that offer better security than the suites used in TLS 1.1. TLS 1.3 improves upon TLS 1.2 by simplifying the handshake process and making it more resistant to man-in-the-middle attacks. In addition, TLS 1.3 introduces new cryptographic suites that offer better security than the suites used in TLS 1.2.

TLS 1.2 and TLS 1.3 are both backward compatible with TLS 1.1 and earlier versions of the protocol. This means that a client that supports TLS 1.2 can communicate with a server that supports TLS 1.1 and vice versa. However, TLS 1.2 and TLS 1.3 are not compatible with each other. A client that supports TLS 1.2 cannot communicate with a server that supports TLS 1.3, and vice versa.

See Also  How to Fix CorePlague Vulnerabilities in Jenkins Server And Update Center?

TLS 1.2 is the most widely used version of the TLS protocol, but TLS 1.3 is gaining in popularity. Many major web browsers, including Google Chrome, Mozilla Firefox, and Microsoft Edge, now support TLS 1.3. In addition, major Internet services providers, such as Cloudflare and Akamai, have started to support TLS 1.3 on their servers. Please visit this page if you want to deeply review the comparison of TLS implementations across different supported servers and clients.

Please visit these posts to learn more about TLS 1.2 and TLS 1.3:

  1. What Is SSL/TLS? How SSL, TLS 1.2, And TLS 1.3 Differ From Each Other?
  2. Decoding TLS v1.2 protocol Handshake with Wireshark
  3. Decoding TLS 1.3 Protocol Handshake With Wireshark
  4. How to Enable TLS 1.3 in Standard Web Browsers?
  5. How to Enable TLS 1.3 on Popular Web Servers?
  6. How to Enable TLS 1.2 and TLS 1.3 on Windows Server
  7. How to Disable TLS 1.0 and TLS 1.1 on Your Apache Server?
  8. How to Disable TLS 1.0 and TLS 1.1 on Your Nginx Server?

How to Disable TLS 1.0 and TLS 1.1 on Windows Server?

We have covered 3 different ways to disable TLS 1.0 and TLS 1.1 on your Windows Server in this post. You can choose any one of the three ways to disable TLS 1.0 and TLS 1.1 on your Windows Server depending on your technical and automation skills.

  1. Disable TLS 1.0 and TLS 1.1 manually using Registry
  2. Disable TLS 1.0 and TLS 1.1 using Powershell Commands
  3. Disable TLS 1.0 and TLS 1.1 using CMD

Note: Microsoft clearly said that it doesn’t support TLS 1.0 and TLS 1.1 on Windows operating systems. No patches will be provided for TLS 1.0 and TLS 1.1 from Microsoft. You can refer to the below table that shows the Microsoft Schannel Provider support of TLS protocol versions.

TLS Protocols Supported by Windows Operating Systems:

Windows OSTLS 1.0 ClientTLS 1.0 ServerTLS 1.1 ClientTLS 1.1 ServerTLS 1.2 ClientTLS 1.2 ServerTLS 1.3 ClientTLS 1.3 Server
Windows Vista/Windows Server 2008EnabledEnabledNot supportedNot supportedNot supportedNot supportedNot supportedNot supported
Windows Server 2008 with Service Pack 2 (SP2)EnabledEnabledDisabledDisabledDisabledDisabledNot supportedNot supported
Windows 7/Windows Server 2008 R2EnabledEnabledDisabledDisabledDisabledDisabledNot supportedNot supported
Windows 8/Windows Server 2012EnabledEnabledEnabledEnabledEnabledEnabledNot supportedNot supported
Windows 8.1/Windows Server 2012 R2EnabledEnabledEnabledEnabledEnabledEnabledNot supportedNot supported
Windows 10, version 1507EnabledEnabledEnabledEnabledEnabledEnabledNot supportedNot supported
Windows 10, version 1511EnabledEnabledEnabledEnabledEnabledEnabledNot supportedNot supported
Windows 10, version 1607/Windows Server 2016 StandardEnabledEnabledEnabledEnabledEnabledEnabledNot supportedNot supported
Windows 10, version 1703EnabledEnabledEnabledEnabledEnabledEnabledNot supportedNot supported
Windows 10, version 1709EnabledEnabledEnabledEnabledEnabledEnabledNot supportedNot supported
Windows 10, version 1803EnabledEnabledEnabledEnabledEnabledEnabledNot supportedNot supported
Windows 10, version 1809//Windows Server 2019EnabledEnabledEnabledEnabledEnabledEnabledNot supportedNot supported
Windows 10, version 1903EnabledEnabledEnabledEnabledEnabledEnabledNot supportedNot supported
Windows 10, version 1909EnabledEnabledEnabledEnabledEnabledEnabledNot supportedNot supported
Windows 10, version 2004EnabledEnabledEnabledEnabledEnabledEnabledNot supportedNot supported
Windows 10, version 20H2EnabledEnabledEnabledEnabledEnabledEnabledNot SupportedNot Supported
Windows 10, version 21H1EnabledEnabledEnabledEnabledEnabledEnabledNot SupportedNot Supported
Windows 10, version 21H2EnabledEnabledEnabledEnabledEnabledEnabledNot SupportedNot Supported
Windows Server 2022EnabledEnabledEnabledEnabledEnabledEnabledEnabledEnabled
Windows 11EnabledEnabledEnabledEnabledEnabledEnabledEnabledEnabled

Method 1 : Disable TLS 1.0 and TLS 1.1 manually using Registry

Let’s begin learning how to disable TLS 1.0 and TLS 1.1 manually using Windows Registry.

Time needed: 15 minutes

  1. Open regedit utility

    Open ‘Run‘, type ‘regedit’ and click ‘OK’.

    Open regedit utility on Windows

  2. Create New Key

    In Registry Editor, navigate to the path : Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols.
    Create a new key by Right click on ‘Protocols‘ –> New –> Key.

    Create New Key on Windows

  3. Rename the Registry Key ‘TLS 1.0’

    Name key as ‘TLS 1.0
    Rename the registry key as ‘TLS 1.0‘.

    Rename the Registry Key 'TLS 1.0'

  4. Create One More Registry Key ‘Client’ underneath ‘TLS 1.0’

    As smiler to the above step, create another key as ‘Client‘ underneath ‘TLS 1.0‘ as shone in this picture.Create One More Registry Key 'Client' underneath 'TLS 1.0'

  5. Create New Item ‘DWORD (32-bit) Value’ Underneath ‘Client’

    Create new  item by right click on ‘Client‘, select ‘New’ –> DWORD (32-bit) Value.

    Create New Item 'DWORD (32-bit) Value' Underneath 'Client'

  6. Rename the Item ‘DWORD (32-bit) Value’ to ‘Enable’

    We Name the item as ‘Enabled‘ with Hexadecimal value as ‘0‘.

    Rename the Item 'DWORD (32-bit) Value' to 'Enable'

  7. Create another item, ‘DisabledByDefault’ Underneath TLS 1.0

    Similarly, create another item, ‘DisabledByDefault‘, with a Hexadecimal value as ‘1‘.

    Create another item, 'DisabledByDefault' Underneath TLS 1.0

  8. Create ‘Server’ and corresponding Keys as in the case of ‘Client’

    Similar to the above steps, create a key ‘Server‘ under ‘Protocols‘ and create registry items ‘DWORD (32-bit)’ and ‘Enabled’ as shown below.

    Create 'Server' and corresponding Keys as in the case of 'Client'

  9. Disable TLS 1.1 on the Windows Server

    Similar to the above steps, create a key ‘TLS 1.1’ under ‘Protocols‘ and below keys and items to Disable ‘TLS 1.1’


    > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client\Enabled with Hexadecimal value as ‘0’
    > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client\DisabledByDefault with Hexadecimal value as ‘1’


    > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server\Enabled with Hexadecimal value as ‘0’
    > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server\DisabledByDefault with Hexadecimal value as ‘1’

  10. Create 'Server' and corresponding Keys as in the case of 'Client' (1)

See Also  How To Fix CVE-2021-43304(5)- Heap Buffer Overflow Vulnerabilities In ClickHouse Database Management System

Method 2 : Disable TLS 1.0 and TLS 1.1 using Powershell commands

Follow this simple procedure to enable TLS 1.2 and TLS 1.2 using Powershell commands.

  1. Open Powershell as Administrator
Open Powershell as Administrator

2. Run the below commands to create Registry entries

- New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server' -Force
- New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server' –PropertyType 'DWORD' -Name 'Enabled' -Value '0' 
- New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server' –PropertyType 'DWORD' -Name 'DisabledByDefault' -Value '1' 

- New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client' -Force
- New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client' -PropertyType 'DWORD' -Name 'Enabled' -Value '0'
- New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client' –PropertyType 'DWORD' -Name 'DisabledByDefault' -Value '1' 


- New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server' -Force
- New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server' –PropertyType 'DWORD' -Name 'Enabled' -Value '0' 
- New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server' –PropertyType 'DWORD' -Name 'DisabledByDefault' -Value '1' 

- New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client' -Force
- New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client' -PropertyType 'DWORD' -Name 'Enabled' -Value '0'
- New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client' –PropertyType 'DWORD' -Name 'DisabledByDefault' -Value '1'

Before running the commands, you can see no items exist underneath Protocol.

before running commands Registry entries

After running the commands you can see there are two keys created ‘TLS 1.0’ & ‘TLS 1.1’, Underneath each protocols there are ‘Client’ &’Server’ Keys inside them ther are two items ‘DisableByDefault’ & ‘Enabled’.

After running the commands you can see there are two keys created 'TLS 1.0' & 'TLS 1.1', Underneath each protocols there are 'Client' &'Server' Keys

Method 3 : Disable TLS 1.0 and TLS 1.1 on Windows Server using CMD

Follow this simple procedure to disable TLS 1.0 and TLS 1.1 using CMD comments.

  1. Open ‘Command Prompt’ as Administrator
Open 'Command Prompt' as Administrator

2. Run the below commands to create Registry entries.

reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server" /v Enabled /t REG_DWORD /d 0 /f 

reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server" /v DisabledByDefault /t REG_DWORD /d 1 /f

reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client" /v Enabled /t REG_DWORD /d 0 /f 

reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client" /v DisabledByDefault /t REG_DWORD /d 1 /f


reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server" /v Enabled /t REG_DWORD /d 0 /f 

reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server" /v DisabledByDefault /t REG_DWORD /d 1 /f

reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client" /v Enabled /t REG_DWORD /d 0 /f 

reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client" /v DisabledByDefault /t REG_DWORD /d 1 /f

We hope this post would help you know how to disable TLS 1.0 and TLS 1.1 on your Windows Server as they are deprecated for their weak security. Please share this post if you find this interested. Visit our social media page on Facebook, LinkedIn, Twitter, Telegram, Tumblr, Medium & Instagram, and subscribe to receive updates like this.

Recommend Products for You

We have some computer accessory recommendations that we think you’ll find useful. These are products we’ve personally selected that we believe are must-haves for any computer. Take a moment to look through the list – you can click on any item to view more details or purchase it directly from Amazon. Whether you’re just getting started with your computer or looking to expand its capabilities, we’re confident you’ll find something helpful among our top picks. Let us know if you have any other questions!

Declaimer: The below products contain affiliate links. We may receive a small commission if you purchase through these links at no additional cost to you. You can read our full affiliate disclosure here.

1080P Webcam with Microphone Sceptre 34-Inch Curved Ultrawide WQHD Monitor
HUANUO Dual Monitor Stand SAMSUNG 980 PRO SSD 2TB PCIe NVMe Gen 4 Gaming
LISEN 240W USB C to USB C Cable USB C Adapter for MacBook
Sceptre 34-Inch Curved Ultrawide WQHD Monitor Brother HLL2305W Compact Mono Laser Single Function Printer

Read More:

What is Red Team_ How Red Teaming is Different Than Penetration Testing
What is Red Team? How Red Teaming is Different Than Penetration Testing?
How to Fix CVE-2021-44228 Log4Shell Vulnerability in Log4j Logging Library
How To Fix CVE-2021-44228 Log4Shell- A Critical 0-DAY RCE In Log4j Logging Library?
How To Fix The 3 New Vulnerabilities In Lenovo UEFI
How to Fix the 3 New Vulnerabilities in Lenovo UEFI?
A Step-By-Step Guide to Install the Phishing Assessment Tool ‘Gophish’
What Is a Phishing Assessment? A Step-By-Step Guide to Install the Phishing Assessment Tool ‘Gophish’
What is screenshotter malware and How to detect and mitigate screenshotter malware
What is the New ‘Screenshotter’ Malware? Who is Behind It? How to Detect and Mitigate the Presence of Screenshotter Malware?
How To Install MX Linux On VMWare Workstation
Step-By-Step Procedure To Install MX Linux On VMWare Workstation

Frequently Asked Questions:

1. What are TLS 1.0 and TLS 1.1?

TLS 1.0 and TLS 1.1 are older versions of the Transport Layer Security (TLS) protocol, which is designed to provide secure communication over computer networks. These versions have been deprecated due to various security vulnerabilities and have been replaced by more secure and modern versions like TLS 1.2 and TLS 1.3.TLS 1.0 and TLS 1.1 are older versions of the Transport Layer Security (TLS) protocol, which is designed to provide secure communication over computer networks. These versions have been deprecated due to various security vulnerabilities and have been replaced by more secure and modern versions like TLS 1.2 and TLS 1.3.

2. Why should I disable TLS 1.0 and TLS 1.1 on my Windows Server?

Disabling TLS 1.0 and TLS 1.1 on your Windows Server helps protect your server from potential security vulnerabilities and ensures compliance with security standards and best practices. It also encourages clients to use more secure and modern versions of the TLS protocol, such as TLS 1.2 and TLS 1.3.

3. How do I disable TLS 1.0 and TLS 1.1 on my Windows Server?

To disable TLS 1.0 and TLS 1.1 on your Windows Server, follow these steps:


1. Open the Registry Editor by pressing Win + R, typing regedit, and pressing Enter.
2. Navigate to the following registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols
3. Under the Protocols key, create new keys for TLS 1.0 and TLS 1.1 if they do not exist.
4. Under each TLS version key, create subkeys named Client and Server.
5. Create a new DWORD (32-bit) value named Enabled under both Client and Server subkeys, and set its value to 0.
6. Create a new DWORD (32-bit) value named DisabledByDefault under both Client and Server subkeys, and set its value to 1.
7. Close the Registry Editor and restart your server to apply the changes.

4. Can I disable TLS 1.0 and TLS 1.1 on other operating systems besides Windows Server?

Yes, you can disable TLS 1.0 and TLS 1.1 on other operating systems, such as Linux and macOS. The process may vary depending on the platform and the software used, but the overall goal remains the same: to ensure that your server no longer accepts connections using less secure versions of the TLS protocol.

5. Will disabling TLS 1.0 and TLS 1.1 affect the compatibility of my Windows Server with older clients?

Disabling TLS 1.0 and TLS 1.1 may affect compatibility with older clients that do not support more modern versions of the TLS protocol. However, the majority of modern web browsers, applications, and devices now support TLS 1.2 and TLS 1.3. It is highly recommended to encourage clients to update their software to support these newer and more secure versions of the TLS protocol.

6. How do I check if TLS 1.0 and TLS 1.1 are disabled on my Windows Server?

You can use a third-party tool like Nmap (https://nmap.org/) or SSL Labs’ SSL Server Test (https://www.ssllabs.com/ssltest/) to scan your server and determine if TLS 1.0 and TLS 1.1 are disabled.

7. Do I need to update my server’s SSL/TLS certificates after disabling TLS 1.0 and TLS 1.1?

Disabling TLS 1.0 and TLS 1.1 on your Windows Server does not require updating your existing SSL/TLS certificates. However, it is essential to ensure that your certificates are valid, up to date, and issued by a trusted Certificate Authority (CA). If your certificates are about to expire or if you have concerns about their security, consider obtaining new certificates to maintain a secure and trustworthy connection.

8. Can I disable TLS 1.0 and TLS 1.1 for specific applications or services on my Windows Server?

Yes, you can disable TLS 1.0 and TLS 1.1 for specific applications or services on your Windows Server. The process may vary depending on the application or service, but it typically involves configuring the application’s settings or modifying its configuration files. Refer to the documentation for the specific application or service for more information on how to disable the older TLS versions.

9. How do I ensure that my Windows Server is using the most secure encryption standards after disabling TLS 1.0 and TLS 1.1?

To ensure that your Windows Server is using the most secure encryption standards after disabling TLS 1.0 and TLS 1.1, follow these steps:


1. Enable the latest versions of the TLS protocol, such as TLS 1.2 and TLS 1.3, following the instructions provided in the FAQ about enabling TLS 1.2 and TLS 1.3 on Windows Server.
2. Regularly update your server’s operating system and installed software to apply security patches and improvements.
3. Use strong cipher suites that provide robust encryption, authentication, and key exchange.
4. Keep your SSL/TLS certificates up to date and ensure they are issued by a trusted Certificate Authority (CA).

10. What are the potential security risks of not disabling TLS 1.0 and TLS 1.1?

Not disabling TLS 1.0 and TLS 1.1 can expose your Windows Server to several potential security risks, including:


1. Vulnerabilities in the older TLS protocol versions, such as BEAST, POODLE, and DROWN.
2. Weak encryption algorithms and cipher suites that are easier for attackers to exploit.
3. Non-compliance with security standards and best practices, which may lead to penalties or reputational damage.
4. Reduced compatibility with modern clients that prefer or require more secure versions of the TLS protocol.

11. How do I monitor the TLS connections on my Windows Server?

To monitor the TLS connections on your Windows Server, you can use built-in tools, such as Performance Monitor or Event Viewer, or third-party monitoring solutions that provide more detailed information and analysis. By monitoring your server’s TLS connections, you can ensure that your server is using the desired versions of the TLS protocol, identify potential security issues, and optimize your server’s performance.

Keep Exploring

About the author

Author Image

Arun KL

Arun KL is a cybersecurity professional with 15+ years of experience spanning IT infrastructure, cloud security, vulnerability management, Penetration Testing, security operations, and incident response. He is adept at designing and implementing robust security solutions to safeguard systems and data. Arun holds multiple industry certifications including CCNA, CCNA Security, RHCE, CEH, and AWS Security.

To know more about him, you can visit his profile on LinkedIn.

Leave a Reply

Your email address will not be published. Required fields are marked

  1. The line breaks in the cmd sample aren't quite right.

    reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client" /v Enabled /t REG_DWORD /d 0 /f reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client" /v DisabledByDefault /t REG_DWORD /d 1 /f

    should be

    reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client" /v Enabled /t REG_DWORD /d 0 /f
    reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client" /v DisabledByDefault /t REG_DWORD /d 1 /f

    Reply

  2. Hi Arun,

    You wrote

    "How to Disable TLS 1.0 and TLS 1.1 on Windows Server?
    We have covered 3 different ways to disable TLS 1.2 and TLS 1.3 on your Windows Server in this post. You can choose any one of the three ways to disable TLS 1.2 and TLS 1.3 on your Windows Server depending on your technical and automation skills."

    But don't you mean:

    "How to Disable TLS 1.0 and TLS 1.1 on Windows Server?
    We have covered 3 different ways to disable TLS 1.0 and TLS 1.1 on your Windows Server in this post. You can choose any one of the three ways to disable TLS 1.0 and TLS 1.1 on your Windows Server depending on your technical and automation skills."

    Steps by steps are very well explained but they show disabling TLS 1.0 and TLS 1.1 and not TLS 1.2 and 1.3

    Reply

  3. Great blog post Arun. Please note, these changes do not come into affect until a reboot/restart is done.

    Richard.

    Reply

  4. Great tutorial!! as a newbie admin like me help a lot to know a few method to modify the win registry , method 3 by far the best for me.

    Reply

  5. Methos 1 has a few errors – seems like you have switched what should be disabled and what should be enabled:

    > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client\Enabled with Hexadecimal value as ‘1’ – SHOULD BE SET TO 0!
    > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client\DisabledByDefault with Hexadecimal value as ‘0’ – SHOULD BE SET TO 1!

    > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server\Enabled with Hexadecimal value as ‘1’ – SHOULD BE SET TO 0!
    > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server\DisabledByDefault with Hexadecimal value as ‘0’ – SHOULD BE SET TO 1!

    Reply
{"email":"Email address invalid","url":"Website address invalid","required":"Required field missing"}

Learn Something New with Free Email subscription

Email is also one of the ways to be in touch with us. Our free subscription plan offers you to receive post updates straight to your inbox.