Disabling TLS 1.0 and 1.1 at the Windows OS level

Babar Zaheer 0 Reputation points
2024-05-23T20:20:00.6966667+00:00

Hello,

 

I am trying to determine if there is a way to permanently remove a windows OS ability to communicate using TLS 1.0 and 1.1.

 

I am familiar with the registry changes to disable TLS 1.0 and 1.1 but I am looking for a solution that cannot be overridden via registry changes.

 

Also, can you confirm that disabling TLS 1.0 and 1.1 at the Windows OS level effectively blocks all applications running on the OS from using TLS 1.0 and 1.1.

Windows
Windows
A family of Microsoft operating systems that run across personal computers, tablets, laptops, phones, internet of things devices, self-contained mixed reality headsets, large collaboration screens, and other devices.
4,967 questions
Windows Server
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
12,467 questions
Windows Server PowerShell
Windows Server PowerShell
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.PowerShell: A family of Microsoft task automation and configuration management frameworks consisting of a command-line shell and associated scripting language.
5,435 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Ian Xue (Shanghai Wicresoft Co., Ltd.) 32,336 Reputation points Microsoft Vendor
    2024-05-24T00:55:28.37+00:00

    Hi Babar Zaheer,

    Thank you for posting in Q&A.

    Permanently disabling TLS 1.0 and 1.1 on a Windows OS level to the point where it cannot be overridden via registry changes is not a standard feature provided by the OS. The typical method to disable these protocols is through registry edits, which, as you mentioned, can be overridden.

    As for your second question, disabling TLS 1.0 and 1.1 at the Windows OS level should effectively block all applications running on the OS from using TLS 1.0 and 1.1, as these protocols are part of the Windows Secure Channel (Schannel) security package. It's recommended to also check the specific configurations of the applications running on the OS because they may have their own mechanisms to handle TLS.

    Best Regards,

    Ian Xue


    If the Answer is helpful, please click "Accept Answer" and upvote it.

    0 comments No comments