How to Disable SSL 2.0, SSL 3.0, TLS 1.0, TLS 1.1 & Enable TLS 1.2

0

What is SSL & TLS and Why We need to Disable Old Version?

SSL (Secure Socket Layer) is a technology to keep an internet connection secure or protected when there is a data transfer between two systems and prevents criminals to steal that data or information. For example, credit card transaction on a shopping website. SSL uses an encryption algorithm to scramble data to keep it safe from hackers.
TLS (Transport Layer Security) is an updated, reliable and more secure version of SSL. We need to disable to the old version of SSL and TLS else they can be a security threat to your network.

How to Disable SSL 2.0, SSL 3.0, TLS 1.0, TLS 1.1 & Enable TLS 1.2

Objective: Disabling  SSL 2.0, SSL 3.0, TLS 1.0, TLS 1.1 & Enable TLS 1.2 on Windows PCs

Disable SSL & TLS

Solution:  This procedure involves editing in registry so its better to take registry or if your server is virtual, take a snapshot for restoring later. In addition to this, make sure that your application running on server support TLS 1.2 which will be only active TLS protocol.

1- Open registry console with administrative access

2- Browse the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols path and create the following Keys , sub keys and then DWORD Value

Disable TLS & SSL

  • Enable TLS 1.2

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client]
“DisabledByDefault”=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server]
“DisabledByDefault”=dword:00000000

  • Disable SSL 2.0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Client]
“DisabledByDefault”=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server]
“Enabled”=dword:00000000

  • Disable SSL 3.0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Client]
“DisabledByDefault”=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server]
“Enabled”=dword:00000000

  • Disable TLS 1.0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client]
“DisabledByDefault”=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server]
“Enabled”=dword:00000000

  • Disable TLS 1.1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client]
“DisabledByDefault”=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server]
“Enabled”=dword:00000000

3- To save time, download the following registry file and run it to make all above changes.

Disable TLS SSL (Click to download file)

Leave A Reply

Your email address will not be published.