How to disable SSL 2.0, TLS 1.0 and TLS 1.1 in Windows 10

This video shows you how to disable support for older, weaker protocols: SSL 2.0, TLS 1.0 and TLS 1.1.

These weak protocols are regularly flagged by security audits and Cyber Essentials assessments, and the finding is easy to remediate.

Go into regedit, then go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\

From there, create a new key for each protocol you want to disable: 'SSL 2.0', 'TLS 1.0' and 'TLS 1.1'.

for instance: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0

Then, create a 'Client' key and a 'Server' key inside each protocol key you are disabling, for example:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Client

In each of those keys, create a DWORD value called 'Enabled' and set it to 0. A value of 1 enables the weaker protocol.
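The same procedure scripted in PowerShell, as an added example that is not part of the video: it creates the protocol key plus its Client and Server subkeys, sets Enabled to 0 as described above, and then reads the result back so you can audit the machine without opening regedit. The function names are my own. The additional DisabledByDefault value is an assumption drawn from Microsoft's Schannel documentation rather than something the video mentions, and the script goes beyond the video by also covering SSL 3.0.

```powershell
# Added example (not the video's own instructions): disable SSL 2.0, TLS 1.0 and
# TLS 1.1 for both the Client and Server sides of Schannel, then audit the result.
# Run from an elevated PowerShell prompt; Schannel reads these keys at boot, so
# the change takes effect after a reboot.

$SchannelProtocols = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'

function Disable-SchannelProtocol {
    # Hypothetical helper name; creates Protocols\<Protocol>\Client and \Server.
    param(
        [Parameter(Mandatory)]
        [ValidateSet('SSL 2.0', 'SSL 3.0', 'TLS 1.0', 'TLS 1.1')]
        [string]$Protocol
    )
    foreach ($Side in 'Client', 'Server') {
        $KeyPath = Join-Path -Path (Join-Path -Path $SchannelProtocols -ChildPath $Protocol) -ChildPath $Side
        # New-Item -Force creates the protocol key and the Client/Server subkey in one go.
        if (-not (Test-Path -Path $KeyPath)) {
            New-Item -Path $KeyPath -Force | Out-Null
        }
        # Enabled = 0 is the value the video describes.
        New-ItemProperty -Path $KeyPath -Name 'Enabled' -PropertyType DWord -Value 0 -Force | Out-Null
        # DisabledByDefault = 1 is an assumption from Microsoft's Schannel documentation
        # (not in the video): it also refuses the protocol when an application leaves
        # the protocol choice to the system default.
        New-ItemProperty -Path $KeyPath -Name 'DisabledByDefault' -PropertyType DWord -Value 1 -Force | Out-Null
    }
}

function Get-SchannelProtocolState {
    # Hypothetical helper name; reports each protocol/side as Enabled, Disabled,
    # or 'not set' (meaning the operating system default applies).
    param(
        [string[]]$Protocols = @('SSL 2.0', 'SSL 3.0', 'TLS 1.0', 'TLS 1.1', 'TLS 1.2')
    )
    foreach ($Protocol in $Protocols) {
        foreach ($Side in 'Client', 'Server') {
            $KeyPath = Join-Path -Path (Join-Path -Path $SchannelProtocols -ChildPath $Protocol) -ChildPath $Side
            $Enabled = $null
            if (Test-Path -Path $KeyPath) {
                # -ErrorAction SilentlyContinue returns $null when the value does not exist.
                $Enabled = (Get-ItemProperty -Path $KeyPath -Name 'Enabled' -ErrorAction SilentlyContinue).Enabled
            }
            if ($null -eq $Enabled) {
                $State = 'not set (OS default)'
            } elseif ($Enabled -eq 0) {
                $State = 'Disabled'
            } else {
                # Any non-zero value (1 or 0xFFFFFFFF) means enabled.
                $State = 'Enabled'
            }
            [pscustomobject]@{ Protocol = $Protocol; Side = $Side; State = $State }
        }
    }
}

# Usage: disable the three protocols from the video, then print the audit table.
foreach ($p in 'SSL 2.0', 'TLS 1.0', 'TLS 1.1') {
    Disable-SchannelProtocol -Protocol $p
}
Get-SchannelProtocolState | Format-Table -AutoSize
```

Two things worth checking after the reboot: run Get-SchannelProtocolState (or look in regedit) to confirm the values were written under both Client and Server, and remember that these keys only govern services that use Schannel. An application that ships its own TLS library reads none of this and has to be configured separately, which is one reason a scanner can still report TLS 1.0 on a non-standard port after the registry change.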

Call us at: 01325 628587

Connect with TeraByte at:

Comments
Author

This took me to the location of TLS protocol control that was literally stopping me from upgrading my Enterprise environment to Windows 10. Thank you for this video, it made my week! Modified the settings to actually enable TLS 1.0, and our secure connectivity issue was resolved. It's inside an encrypted VPN tunnel, so the traffic, although encrypted with an outdated protocol, is still safely tucked away in our tunnel.

jerryperry
Author

Thanks for this short but useful tutorial!

I am on Windows 10. I followed your instructions and verified it twice to make sure I got it right, but, unfortunately, it didn't work for me.

After I created the registry keys, I restarted the computer and scanned it with the nmap tool using this command:

nmap -sV -p 4343 --script ssl-enum-ciphers <here computerIP address>

I still see that TLS 1.0 and TLS 1.1 are being used.

Here's part of the scan result:

| ssl-enum-ciphers:
|   TLSv1.0:
|     ciphers:
|       (secp256r1) - A
|       (secp256r1) - A
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 1024) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 1024) - A
|     compressors:
|       NULL
|     cipher preference: client
|   TLSv1.1:
|     ciphers:
|       (secp256r1) - A
|       (secp256r1) - A
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 1024) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 1024) - A
|     compressors:
|       NULL
|     cipher preference: client
|   TLSv1.2:
|     ciphers:
|       (secp256r1) - A
|       (secp256r1) - A
|       (secp256r1) - A
|       (secp256r1) - A
|       (secp256r1) - A
|       (secp256r1) - A
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 1024) - A
|       (rsa 1024) - A
|       TLS_RSA_WITH_AES_128_CCM (rsa 1024) - A
|       TLS_RSA_WITH_AES_128_CCM_8 (rsa 1024) - A
|       (rsa 1024) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 1024) - A
|       (rsa 1024) - A
|       TLS_RSA_WITH_AES_256_CCM (rsa 1024) - A
|       TLS_RSA_WITH_AES_256_CCM_8 (rsa 1024) - A
|       (rsa 1024) - A
|     compressors:
|       NULL
|     cipher preference: client
|_  least strength: A

Please let me know if you can think of anything else to disable these protocols.
Thanks!

sakanet
Author

This video is a nice walkthrough of the remediation. Can we do this for SSL 3.0 vulnerabilities too?

rajesh
Author

Thank you for the video. I'm on Windows 10 and was wondering how I would run the test scan like you did to see which versions are enabled/disabled afterwards. Thanks again!

fasdfasdf
Author

Hm, can't test my system: ERROR: Could not open a connection to host 192.168.178.10 (192.168.178.10) on port 443. What to do? The Win10 ESET FW is disabled (Kali Linux 2021.1 on VMware 16, Win10 Pro).

ironblader