How To Disable TLS 1.0 & TLS 1.1 on a Windows Server, VPS or Cloud VM

We talked extensively about Google, Microsoft and PCIs push to create a more secure internet. From supporting an open-source SSL certificate initiative like Let’s Encrypt to prompting “Not Secure” warning when visiting all HTTP sites through chrome, IE, and Mozilla. Those of you who are running an e-commerce site are familiar with PCI and already know that PCI has deprecated TLS1.0 & TLS 1.1 so the minimum requirements are TLS 1.2 and the gold standard is TLS 1.3. For those of you how are not familiar with PCI you can find out more here.

Transport Layer Security (TLS) is a critical part of a secure online transaction between two systems as it secures communications by authenticating one or both systems. Serious vulnerabilities prompted PCI to deprecate SSL/early TLS on 30 June 2018. So if you are using a Windows server or Windows VPS or Windows cloud VM you can do your part and be an agent of change by disabling TLS 1.0 and TLS 1.1 on your server. Doing so not only secures your server but also forces others who are still using SSL/early TLS to make the switch to more secure encryption technology.

Here is the step by step instruction on how to disable TLS 1.0 and TLS 1.1 on a Windows server:

  1. Open up Registry Editor by clicking on the Start Button, type in Regedit, and then hit Enter. Since we are dealing with registry, we strongly suggest backing up the current Registry state. Misuse of the Registry might have detrimental effects on your system. (In the Regedit screen highlight computer >>File >>Export >> Save file to a location you want)
  2. In Registry Editor, locate the following registry key:

HKey_Local_Machine\System\CurrentControlSet\Control\SecurityProviders \SCHANNEL\Protocols\TLS 1.0\Server ( or TLS 1.1)                

  1. On the Edit menu, click Add Value.
  2. In the Data Type list, click DWORD.
  3. In the Value Name box, type Enabled, and then click OK.

Note if this value is present; double-click the value to edit its current value.

  1. Type 00000000 in Binary Editor to set the value of the new key equal to “0”.
  2. Click OK. Restart the Server.

Transport Layer Security (TLS) are together cryptographic protocols provides communication safety over a network; for instance a customer linking to a web server. A “handshake” is done at the start of a TLS or SSL connection. During this handshake the customer and server will work out what mutual ciphers and hash algorithms are sustained. This is also where a server will deliver its digital certificate to a linking customer.

TLS is the continuation of SSL. Over the years susceptibilities have been and carry on to be exposed in the denounced SSL and TLS protocols. For this reason, you must disable SSLv2, SSLv3, TLS 1.0 and TLS 1.1 in your server configuration, leaving simply TLS protocols 1.2 and 1.3 enabled.

Transport Layer Security (TLS) is additional security protocol to make sure privacy and information-integrity during web based communication among two applications. Like SSL Protocol, TLS Protocol also comes with two modules – TLS Record Protocol and TLS Handshake Protocol. Elementary properties of TLS Protocol are as follows:

TLS Protocol encrypts data by symmetric cryptography and makes sure privacy during web based communication procedure.

All the mails, which are switch over over the Internet, are tested while transferring from one computer to another. This feature delivers the trustworthiness of the web based communication.

TLS protocol restricts unauthorized users to interfere as a third party in the middle of a communication process over the Internet. The third party will take part in the communication only after identified by the two official communicators or operators.

Transport Layer Security Protocol comes with the cryptographic security to deliver vital privacy between two operators. Like SSL, Transport Layer security Protocol is extensible, i.e., you can integrate new encryption approaches in the TLS framework. By this you can decrease the effort of making new protocols as well as remove the obligation of implementing new set of safety library.

Cryptographic operations delivered by Transport Layer Security Protocol hinge upon the technical configuration of the CPU. These types are also alike to Secure Sockets Layer Protocol. ‘Optional session caching’ is available in TLS Protocol that enhances the number of networks and linkage activity to make the message process effective.