How to disable SSL 2.0, SSL 3.0, TLS 1.0 and TLS 1.1 in Windows 10

This video shows you how to disable support for older, weaker SSL/TLS protocols, such as SSL 2.0, SSL 3.0, TLS 1.0 and TLS 1.1.

These weak protocols are regularly picked up in security audits as well as Cyber Essentials assessments, and can be easily remediated.

Open regedit, then go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\

From there, create a new key for each of 'SSL 2.0', 'SSL 3.0', 'TLS 1.0' and 'TLS 1.1'.

For instance: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0

Then create a 'Client' and a 'Server' key inside the protocol you are disabling:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Client

Then create a DWORD value called 'Enabled' with the default value of 0. If the value is 1, the weaker protocol is enabled.
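The registry steps above, scripted for all four protocols and both the Client and Server subkeys, with a read-back check. This is an added example, not code from the video or its author; the function names `Get-ProtocolState` and `Disable-LegacyProtocols` are made up for it, and it assumes an elevated PowerShell session.

```powershell
# Added example: disable legacy Schannel protocols, then read the values back.
$base      = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
$protocols = 'SSL 2.0', 'SSL 3.0', 'TLS 1.0', 'TLS 1.1'
$roles     = 'Client', 'Server'

function Get-ProtocolState {
    # Report 'Enabled' for every protocol/role pair; $null means the value is not set.
    foreach ($protocol in $protocols) {
        foreach ($role in $roles) {
            $key   = Join-Path (Join-Path $base $protocol) $role
            $value = $null
            if (Test-Path -LiteralPath $key) {
                $value = (Get-ItemProperty -LiteralPath $key).Enabled
            }
            [pscustomobject]@{
                Protocol = $protocol
                Role     = $role
                Enabled  = $value
                Disabled = ($null -ne $value -and $value -eq 0)
            }
        }
    }
}

function Disable-LegacyProtocols {
    foreach ($protocol in $protocols) {
        foreach ($role in $roles) {
            $key = Join-Path (Join-Path $base $protocol) $role
            # Create the key only when it is missing, so values already in it are left alone.
            if (-not (Test-Path -LiteralPath $key)) {
                New-Item -Path $key -Force | Out-Null
            }
            # DWORD 'Enabled' = 0, as in the steps above.
            New-ItemProperty -LiteralPath $key -Name 'Enabled' -Value 0 `
                -PropertyType DWord -Force | Out-Null
        }
    }
}

Get-ProtocolState | Format-Table -AutoSize      # state before the change
Disable-LegacyProtocols
$after = Get-ProtocolState
$after | Format-Table -AutoSize                 # state after the change

# Flag any protocol/role pair that is still missing or not set to 0.
if ($after | Where-Object { -not $_.Disabled }) {
    Write-Warning 'Some entries are still not set to Enabled = 0.'
}
```

Schannel reads these settings at startup, so restart the machine before re-running a scan.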

Comments

this was the best instructional video I have seen in my life, more videos like this one on EVERYTHING please

Good-Enuff-Garage

Thank you so much for the video.. watching this I disabled TLS old versions in a server.. thanks again

saikrishnavinjamuri

Nice video mate! How does it correspond to settings that can be found in Control Panel? Specifically I mean under Control Panel\Network and Internet -> Internet Options -> Advanced tab-> Security -> Use SSL 3.0/Use TLS 1.0/Use TLS 1.1

Stan-mhbf

Hello,
If I disable SSL 3.0 with only the Server entry (without Client), then what happens?

jay

Question - why are we adding the SSL components? Don't we want to use SSL 2.0 and 3.0?

rcooper

Thank you.
This Windows 10 has screwed with my brain. They removed SSL 2.0 protocol management from the snap-in, and you're left to do whatever you like.
Thank you, kind person.
I made a registry file and now I just import it on the problem machines.

goolark

Congratulations for the explanation! Example: I have an application on IIS, I scanned it and it presented me with weak ciphers using vulnerable protocols such as SSLv2, SSLv3, TLS 1.0 and TLS 1.2. I managed to disable the protocols, will my application after disabling the protocols work normally?

infosec

It always says cannot connect to this page (Youtube) on my pc cuz it said it has an expired /unsafe TLS settings can u help

Ayrzens

If we disable the SSL we ensure the web application hosted in the server will be accessed only via http (no https). Am I right to say that? Right now I am struggling to configure my web application on IIS that serves only http. Thanks

peternguyen

Hello, thx for this video. Quick question - does this apply to RDP connections as well?

Serpentar

Can you show us how to do this in a group policy for multiple computers? Thank you

jaybigboy

What is the difference between server and client in the keyword? I adjusted like this video in my server. But the remote server couldn't connect to my webservice. What should I do?

slymaneem

I saw some comments about FTP in the video and if I had an ftp on iis and disabled vulnerable protocols, would that impact FTP functionality? Would I have to make any more changes to the settings?

infosec

Hello, thx for the video. I created the Enabled and DisabledByDefault DWORD and set the Enabled -> 0, DisabledByDefault -> 1, but it doesn't work. If I check the Control Panel\Internet Option\Advanced, I see that the TLS 1.0 is active.

Screew

Hi, I have disabled TLS 1.0 but still showing vulnerability in Nessus scan report

vinodkp

I have found a website in which TLS 1.0 is enabled. Is this a vulnerability? Can I report it?

ultraweapon

Hi, do we get successfully connected to TLS 1.0 and TLS 1.1 in vulnerability report post changes done

deepamahadevan

Hi, so the DWORD DisabledByDefault is not required, is it? Cos I had to disable one of the ciphers and I made the value for Enabled 0, but that did not work

aliceantony

what did you use to do the sslscan, you were originally in powershell, then switched to something else to do the scan?

marclewis

Should I select QWORD if it is for 64bit?

Bookemon-loho