none
Disabling TLSv1 per PCI requirements breaks IE 8-10 RRS feed

  • Question

  • Since current PCI requirements make it necessary to disable TLSv1 support on your site to stay compliant anybody using IE 8-10 in it's default configuration will not be able to use those sites.

    Is there any plan in place to patch IE 8-10 to enable TLSv1.1 and 1.2 by default?

    Come June 30 2016 all sites that have to be PCI compliant will have to disable TLSv1. Killing access to those running IE 8-10.

    Monday, April 27, 2015 5:36 PM

Answers

  • Hi Joe,

    As you mentioned that Previous version Internet Explorer do not support TLSv1.1 or TLSv1.2 by default. These need to be turned on manually. Since it is by design, I am afraid there might be no such an in place patch to fix this. And to change these settings, some registry modification are required, you could either deploy these entry by using Group Policy or scripting depending on your environment.

    The related registry is the following one:

    [HKLM|HKCU]\Software\Microsoft\Windows\CurrentVersion\Internet Settings

    Find or create the DWORD value SecureProtocols

    Regards,

    D. Wu


    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.


    Thursday, April 30, 2015 1:19 AM
    Moderator