Scribd Logo
Upload

Welcome to Scribd!

  • Disable TLS1.0 and 1.1

    Uploaded by

    john
    18 views9 pages
    This document outlines steps to disable TLS 1.0 and 1.1 on servers OLFRDGWEB01 through OLFRDGWEB04. It involves editing the Windows registry by creating keys under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols for TLS 1.0 and 1.1, and adding DWORD values of 0 to disable the protocols for client and server modes.

    Original Description:

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    This document outlines steps to disable TLS 1.0 and 1.1 on servers OLFRDGWEB01 through OLFRDGWEB04. It involves editing the Windows registry by creating keys under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols for TLS 1.0 and 1.1, and adding DWORD values of 0 to disable the protocols for client and server modes.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    18 views9 pages

    Disable TLS1.0 and 1.1

    Uploaded by

    john
    This document outlines steps to disable TLS 1.0 and 1.1 on servers OLFRDGWEB01 through OLFRDGWEB04. It involves editing the Windows registry by creating keys under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols for TLS 1.0 and 1.1, and adding DWORD values of 0 to disable the protocols for client and server modes.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    of 9

    Below are steps we need to follow to disable TSL 1.0 and 1.

    1 on below servers : OLFRDGWEB01, OLFRDGWEB02, OLFRDGWEB03 & OLFRDGWEB04

    Method 1 : Disable TLS 1.0 and TLS 1.1 manually using Registry
    Let’s begin learning how to disable TLS 1.0 and TLS 1.1 manually using Windows Registry.
    Time needed: 15 minutes.

    1. Open regedit utility


    Open ‘Run‘, type ‘regedit’ and click ‘OK’.

    2.
    3. Create New Key
    In Registry Editor, navigate to the path : Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols.
    Create a new key by Right click on ‘Protocols‘ –> New –> Key.

    4.
    5. Rename the Registry Key ‘TLS 1.0’
    Name key as ‘TLS 1.0‘
    Rename the registry key as ‘TLS 1.0‘.

    6.
    7. Create One More Registry Key ‘Client’ underneath ‘TLS 1.0’
    As smiler to the above step, create another key as ‘Client‘ underneath ‘TLS 1.0‘ as shone in this

    picture.

    8.

    9. Create New Item ‘DWORD (32-bit) Value’ Underneath ‘Client’


    Create new item by right click on ‘Client‘, select ‘New’ –> DWORD (32-bit) Value.

    10.
    11. Rename the Item ‘DWORD (32-bit) Value’ to ‘Enable’
    We Name the item as ‘Enabled‘ with Hexadecimal value as ‘0‘.

    12.

    13. Create another item, ‘DisabledByDefault’ Underneath TLS 1.0


    Similarly, create another item, ‘DisabledByDefault‘, with a Hexadecimal value as ‘1‘.

    14.
    15. Create ‘Server’ and corresponding Keys as in the case of ‘Client’
    Similar to the above steps, create a key ‘Server‘ under ‘Protocols‘ and create registry items ‘DWORD (32-bit)’ and ‘Enabled’ as shown below.

    16.

    17. Disable TLS 1.1 on the Windows Server


    Similar to the above steps, create a key ‘TLS 1.1’ under ‘Protocols‘ and below keys and items to Disable ‘TLS 1.1’

    > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client\Enabled with Hexadecimal value as ‘0’


    > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client\DisabledByDefault with Hexadecimal value
    as ‘1’
    > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server\Enabled with Hexadecimal value as ‘0’
    > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server\DisabledByDefault with Hexadecimal value
    as ‘1’

    18.

    19.

    You might also like