Windows Server: How to disable TLS 1.2 and use only TLS 1.3

Albert Ashkhatoyan 21 Reputation points
2021-07-27T14:36:44.277+00:00

I want to remove all old TLS versions and use only TLS 1.3.
I disabled TLS 1.0, 1.2, 1.1 and the ciphers that support them, but when checking with Wireshark it is still using both versions 1.2 and 1.3.
Can somebody tell me whether it is possible and, if yes, how I can do it?
Thanks in advance!
P.S.
I'm using Windows Server 2022.


Accepted answer
  1. Anonymous
    2021-08-02T09:30:04.127+00:00

    Hello @Albert Ashkhatoyan ,

    Thank you for your patience.

    I have done a test in my lab (Windows Server 2016), and I had the same result as you.

    1. Disable TLS 1.2 on Server 2016.

    2. Access the following three websites.

    Use TLS 1.2


    Use TLS 1.3


    Use TLS 1.3


    After looking into this further, it seems you should disable TLS 1.2 both system-wide and browser-wide, and then check if it helps.

    I could only find a reference for Windows 10 rather than Windows Server; it is below for your reference.

    How To Enable Or Disable TLS 1.3 In Windows 10
    https://www.itechtics.com/tls-1-3/

    Please note: Information posted in the given link is hosted by a third party. Microsoft does not guarantee the accuracy and effectiveness of information.

    Hope the information above is helpful to you.

    Should you have any question or concern, please feel free to let us know.

    Best Regards,
    Daisy Zhou

    ============================================

    If the Answer is helpful, please click "Accept Answer" and upvote it.


1 additional answer

  1. Anonymous
    2021-07-28T02:23:16.997+00:00

    Hello @Albert Ashkhatoyan ,

    Thank you for posting here.

    Based on the description "I disabled TLS 1.0, 1.2, 1.1 and the ciphers that support them, but when checking with Wireshark it is still using both versions 1.2 and 1.3", please check whether you have disabled all old TLS versions (such as TLS 1.0, 1.1, 1.2) successfully.

    For how to disable TLS 1.0, 1.1 and 1.2, please refer to the link below.

    Managing SSL/TLS Protocols and Cipher Suites for AD FS
    https://learn.microsoft.com/en-us/windows-server/identity/ad-fs/operations/manage-ssl-protocols-in-ad-fs

    Tip: Before disabling all old TLS versions (such as TLS 1.0, 1.1, 1.2), you should check that all operating systems and applications support TLS 1.3.

    Hope the information above is helpful.

    Should you have any question or concern, please feel free to let us know.

    Best Regards,
    Daisy Zhou

    ============================================

    If the Answer is helpful, please click "Accept Answer" and upvote it.
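
One way to run the check suggested in the answer above, added here as an example that is not part of the original thread: a read-only PowerShell report of the SCHANNEL `Protocols` registry keys for each TLS version, split into the Client (outbound) and Server (inbound) roles. The state labels and the final warning are this example's own wording; it assumes an elevated session on the server being checked.

```powershell
# Added example (not from the thread): report how each TLS version is
# configured in the SCHANNEL registry. Read-only; nothing is changed.
$base      = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
$protocols = 'TLS 1.0', 'TLS 1.1', 'TLS 1.2', 'TLS 1.3'
$roles     = 'Client', 'Server'   # Client = outbound, Server = inbound connections

$report = foreach ($protocol in $protocols) {
    foreach ($role in $roles) {
        $path = Join-Path (Join-Path $base $protocol) $role
        $enabled = $null
        $disabledByDefault = $null
        if (Test-Path -LiteralPath $path) {
            $values = Get-ItemProperty -LiteralPath $path
            # A value that was never created comes back as $null.
            $enabled           = $values.Enabled
            $disabledByDefault = $values.DisabledByDefault
        }
        # Enabled may be stored as 1 or 0xFFFFFFFF, so test for "not zero".
        $state = if ($null -eq $enabled -and $null -eq $disabledByDefault) {
            'Not configured (OS default applies)'
        } elseif ($null -ne $enabled -and $enabled -eq 0) {
            'Disabled'
        } elseif ($null -ne $disabledByDefault -and $disabledByDefault -ne 0) {
            'Disabled by default (an application can still request it)'
        } elseif ($null -eq $enabled) {
            'Enabled value not set (OS default applies)'
        } else {
            'Enabled'
        }
        [pscustomobject]@{
            Protocol          = $protocol
            Role              = $role
            Enabled           = $enabled
            DisabledByDefault = $disabledByDefault
            State             = $state
        }
    }
}
$report | Format-Table -AutoSize

# Flag every pre-1.3 protocol/role pair that is not explicitly disabled.
$open = $report | Where-Object { $_.Protocol -ne 'TLS 1.3' -and $_.State -ne 'Disabled' }
if ($open) {
    Write-Warning ('Not explicitly disabled: ' +
        (($open | ForEach-Object { "$($_.Protocol)/$($_.Role)" }) -join ', '))
}
```

A row that is disabled for Server but not for Client means the machine can still negotiate that version on connections it initiates. Changes to these keys take effect after a restart, so a correct report on a server that has not been rebooted can still go with older versions on the wire.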

