none
Registry Modification RRS feed

  • Question

  • Guys,

    when I try to disable TLS 1.1 even manually on a local machine,  

    HKLM SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client and set the  REG_DWORD to 0

    When I go into advance settings within Internet Explorer, The TLS 1.1 settings are checked.  if I made modifications in the registry to disables TLS 1.1, I'm thinking that should reflect within the settings of Internet explorer and the TLS 1.1 Settings should be unchecked.   Isn't that the case?

    • Moved by Bill_Stewart Wednesday, April 15, 2020 8:46 PM Move to more appropriate forum
    Wednesday, April 15, 2020 7:13 PM

Answers

  • Programs often cache setting information.

    When you modify settings via the GUI, a "settings chnaged" messge is bradcast throughout the OS, so Programs know to check for any modified settings that apply to them.

    When you edit the registry directly, you often have to restart the associated program (often Explorer or Windows itself) or oterhwise alert it.


    Keith

    Wednesday, April 15, 2020 7:21 PM
  • If disabled for the client then it is also disabled in IE even if IE shows that IE still allows it.

    To change IE use Group Policy.

    Disabling TLS111 that ways can cause unexpected issues.  Use the following method to assure that FPIPS compliance is not removed.

    https://support.microsoft.com/en-us/help/245030/how-to-restrict-the-use-of-certain-cryptographic-algorithms-and-protoc

    Your issue is not a scripting issue and should be posted in the "Security" forum.


    \_(ツ)_/

    Wednesday, April 15, 2020 7:28 PM

All replies

  • Programs often cache setting information.

    When you modify settings via the GUI, a "settings chnaged" messge is bradcast throughout the OS, so Programs know to check for any modified settings that apply to them.

    When you edit the registry directly, you often have to restart the associated program (often Explorer or Windows itself) or oterhwise alert it.


    Keith

    Wednesday, April 15, 2020 7:21 PM
  • If disabled for the client then it is also disabled in IE even if IE shows that IE still allows it.

    To change IE use Group Policy.

    Disabling TLS111 that ways can cause unexpected issues.  Use the following method to assure that FPIPS compliance is not removed.

    https://support.microsoft.com/en-us/help/245030/how-to-restrict-the-use-of-certain-cryptographic-algorithms-and-protoc

    Your issue is not a scripting issue and should be posted in the "Security" forum.


    \_(ツ)_/

    Wednesday, April 15, 2020 7:28 PM
  • Programs often cache setting information.

    When you modify settings via the GUI, a "settings chnaged" messge is bradcast throughout the OS, so Programs know to check for any modified settings that apply to them.

    When you edit the registry directly, you often have to restart the associated program (often Explorer or Windows itself) or oterhwise alert it.


    Keith

    Just to add a bit.  Settings in programs are a request to the system.  The setting may not reflect the actual ability because the system may restrict it.  The registry setting would require the WebClient process to be restarted as it effects all processes that access the web and the web client will not change without a restart.  Resta4rting the PC is the best way but the client program's settings will not get changed but will have no effect.


    \_(ツ)_/

    Monday, April 20, 2020 12:29 AM