none
Disable SSL 2.0, 3.0, TSL 1.0 on DC's RRS feed

  • Question

  • I have read a lot of material on this and it comes to two different registry keys, does anyone know which registry key I create and edit to disable SSL 2.0, 3.0, TSL 1.0 on DC's?
    Wednesday, August 17, 2016 2:43 PM

Answers

  • Hi,

    Thanks for your post.

    Please see as below:

    SSL 2.0

    ========================

    This subkey controls the use of SSL 2.0.

    SSL 2.0 is disabled by default on Windows client computers.

    Applicable versions: As designated in the Applies To list that is at the beginning of this topic excluding Windows client versions.

    Registry path: HKLM SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols

    To disable the SSL 2.0 protocol, create an Enabled entry in the appropriate subkey. This entry does not exist in the registry by default. After you have created the entry, change the DWORD value to 0. To enable the protocol, change the DWORD value to 1.

    SSL 3.0

    ======================

    This subkey controls the use of SSL 3.0.

    Applicable versions: As designated in the Applies To list that is at the beginning of this topic.

    Registry path: HKLM SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols

    To disable the SSL 3.0 protocol, create an Enabled entry in the appropriate subkey. This entry does not exist in the registry by default. After you have created the entry, change the DWORD value to 0. To enable the protocol, change the DWORD value to 1.

    TLS 1.0

    ======================

    This subkey controls the use of TLS 1.0.

    Applicable versions: As designated in the Applies To list that is at the beginning of this topic.

    Registry path: HKLM SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols

    To disable the TLS 1.0 protocol, create an Enabled entry in the appropriate subkey. This entry does not exist in the registry by default. After you have created the entry, change the DWORD value to 0. To enable the protocol, change the DWORD value to 1.

    More information here:

    TLS/SSL settings

    https://technet.microsoft.com/en-us/library/dn786418(v=ws.11).aspx

    Best Regards,

    Alvin Wang


    Please remember to mark the replies as an answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, August 18, 2016 5:16 AM
    Moderator