How To Disable TLS 1.0 With IIS?
SSL and TLS are cryptographic protocols that provide authentication and data encryption between different endpoints (e.g., a client connecting to a web server), with SSL as the predecessor to TLS. Since SSL’s first iteration back in 1995, new versions of each protocol have been released to address vulnerabilities and support the strongest and most secure cipher suites and algorithms. We are currently on TLS 1.3, which was just approved by the IETF (Internet Engineering Task Force).
Tip- we recommend that all users upgrade to Microsoft Internet Information Services (IIS) version 7.0 running on Microsoft Windows 2008.
WITH GUI
The simplest way to disable insecure protocols and ciphers is to use a GUI. Because Windows doesn’t provide such an interface, you’ll need to use a tool like Nartac’s IIS Crypto tool to disable the insecure options.
MANUAL
Enabled or disable TLS/SSL as needed.
- Open up regedit.exe and navigate to the key location provided:
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocols - Once here, expand Protocols, there will be the following:
- To disable or enable a protocol, expand Server or Client, whichever you want to change, and adjust the value to the following:
Binary:
- 0 – off
- 1 – on
Hexadecimal:
- 0x00000000 – off
- 0xffffffff – on (4294967295)
Once the respective changes are made, restart the server for the registry to propagate and for the changes to take the effect.
Conclusion
In this blog, we have shared with you the steps of disabling TLS 1.0 with IIS. We tried our best to explain it to you in a simple and clear way.
We hope you have successfully learned the procedure of disabling TLS 1.0 with IIS.
Was this article helpful enough?
Have more questions? Submit a request.
