none
TLS 1.0

    Question

  • Hello,

    Greetings !

    Just a query: In our project server, TLS 1.0 parameter itself missing on registry - Which means TLS 1.0 is disabled by default or do I need to create TSL 1.0 dword again to disable the same.

    Thanks & Regards,

    Murali Gangatharan V

    Tuesday, April 16, 2019 12:42 PM

Answers

  • Hi Murali,

    What Operating System is this on? TLS 1.0 isn't a strong protocol so I assume you need this for app/browser compatibility?

    A good tool that will show you all of the currently enabled ciphers/protocols etc can be found below (when you run it, if the box is ticked then it is enabled):

    https://www.nartac.com/Products/IISCrypto/

    Let me know if you have any further questions.

    Thanks,

    Matt

    Tuesday, April 16, 2019 2:17 PM
  • Hi Murali,

    TLS negotiation will work on the highest compatible version and so if you have TLS 1.2 enabled and the client supports it then it will use that.  That being said, it is still good practice to disable TLS 1.0 and 1.1 as those can be used to attack the site and compromise it.

    Thanks,

    Matt

    Wednesday, May 8, 2019 2:48 PM

All replies

  • Hi Murali,

    What Operating System is this on? TLS 1.0 isn't a strong protocol so I assume you need this for app/browser compatibility?

    A good tool that will show you all of the currently enabled ciphers/protocols etc can be found below (when you run it, if the box is ticked then it is enabled):

    https://www.nartac.com/Products/IISCrypto/

    Let me know if you have any further questions.

    Thanks,

    Matt

    Tuesday, April 16, 2019 2:17 PM
  • Hi Murali,

    Did you get to the bottom of this issue?

    Thanks,

    Matt

    Friday, April 19, 2019 6:38 PM
  • Hi Murali,

    Did you get this resolved?

    Thanks,

    Matt

    Tuesday, April 23, 2019 11:38 AM
  • Matt --

    Doesn't it frustrate you to give someone an answer in this forum, and then they cannot give you the common courtesy of letting you know if the solution worked?  I am going to mark your first reply as the answer to this question so we can move on.  Hope this helps.


    Dale A. Howard [MVP]

    Wednesday, April 24, 2019 11:38 PM
    Moderator
  • Hey Matt,

    Sorry for the delay in response.  Just today got time to open this forum, my bad.  The tool you provided worked like charm (On our server, TLS 1.0 is grey-out but tick marked), Thanks for it.  Our servers are 2016 OS !

    General doubt, if the protocol (TLS 1.0) is not there (deleted means) then automatically it has to search for next protocol right but this is something different(enabled --> hidden).

    Thank you.

    Murali

    Wednesday, May 8, 2019 1:42 PM
  • Hi Murali,

    TLS negotiation will work on the highest compatible version and so if you have TLS 1.2 enabled and the client supports it then it will use that.  That being said, it is still good practice to disable TLS 1.0 and 1.1 as those can be used to attack the site and compromise it.

    Thanks,

    Matt

    Wednesday, May 8, 2019 2:48 PM