fbpx
  1. Home
  2. Knowledge Base
  3. Web Server Configuration Guides
  4. Disabling TLS 1.0 & 1.1
  5. How to disable TLS 1.0 and TLS 1.1 on Windows Server 2008/2016

How to disable TLS 1.0 and TLS 1.1 on Windows Server 2008/2016

 

  1. In the Windows start menu, type regedit and open it

  2. We strongly recommend backing up your current registry before making any changes. This can be done by clicking File, then Export and then save the backup at a safe location

  3. Go to the following path: Computer\HKEY_LOCAL_MACHINE\SYSTEM\
    CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols

    How to disable TLS 1.0 and TLS 1.1 on Windows Server 2008/2016  


  4. Right-click on the empty space in the pane on the right side and choose New > Key

  5. Name the new key TLS 1.0

  6. Select the new key and right-click the empty space on the right side and add two new keys named Client and Server

  7. Select the Client key, right-click on the right side, and select New -> DWORD (32-bit) Value

  8. Name the DWORD Enabled, right-click on it, and select Modify. The base should be set to Hexadecimal and the value set to 0. Do the same with the Server key:

    How to disable TLS 1.0 and TLS 1.1 on Windows Server 2008/2016


  9. To disable TLS 1.1 repeat the same process making a new key TLS 1.1

  10. Close the registry and reboot your server


If anything goes wrong, you can revert to your initial registry settings by double-clicking your registry backup file created in step 2.

You can check if your configuration is correct by looking up your site in our SSL Labs checker:

https://trustzone.ssllabs.com

In the Configuration section, you can see the protocols enabled for your site.

You can check which protocols are supported on a different version of Windows by following this link:

https://docs.microsoft.com/en-us/windows/win32/secauthn/protocols-in-tls-ssl–schannel-ssp-

Get in touch with us for a non-binding quote

We will contact you as soon as possible.

* Please use a work email address to register

User-friendly and powerful

TRUSTZONE was founded in 2004 and has since come a long way being the
leading SSL/TLS certificate provider in Scandinavia. We also lead the way in
supplying the scalable PKI and IoT solutions for encryption, authentication,
and automated certificate lifecycle management.

The solutions we offer meet the requirements of various types of companies
and organizations. What your business is certain to gain is a complete palette
of compatibility-optimized, fully scalable certificate products and solutions.

What if you could get the security and commercial benefits of digital
certificates without the hassle of installation, configuration, and
maintenance?

Managed SSL solves that equation: Get instant deployment, automatic
configuration, and world-class monitoring of the full
range of digital certificates
. The built-in one-time vetting feature
lets you issue any PKI-based certificate instantly.

Over 16 years of experience with PKI, SSL/TLS, and certificate management in
our line of work truly stands for something. More than 3,000 companies and more
than 80% of the Danish banking sector is protected by TRUSTZONE certificates.

 

Follow us on LinkedIn to get the latest updates, news and insights.


Was this article helpful?