tls1.0 issue

Peter_1985 2,546 Reputation points
2021-07-28T03:40:02.007+00:00

Hi,
In Win 10, how to validate that tls1.0 can be enabled if disabled?


Accepted answer
  1. Daisy Zhou 18,956 Reputation points Microsoft Vendor
    2021-07-28T07:00:35.963+00:00

    Hello @Peter_1985 ,

    Thank you for your update.

    So you find Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols, right?

    If so, then do as below:

    1-Right click Protocols->New->Key and rename the new Key TLS 1.0.

    2-Right click TLS 1.0->New->Key and rename the new Key Client.

    3-Right click Client->New->DWORD (32-bit) value.

    4-Rename "Name" as "Enabled" and modify Data as "1".

    5-Repeat step 3 and Rename "Name" as "DisabledByDefault" and modify Data as "0".

    6-Now TLS 1.0 is enabled.

    7-If you want to disable it, modify Data corresponding to "Enabled" as "0" and
    modify Data corresponding to "DisabledByDefault" as "1".

    Should you have any question or concern, please feel free to let us know.

    Best Regards,
    Daisy Zhou

    ============================================

    If the Answer is helpful, please click "Accept Answer" and upvote it.

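The registry steps in the accepted answer, written as a PowerShell function. This is an added example, not part of the original answer; the function name `Set-SchannelProtocolState` and its parameters are illustrative. It writes the same two DWORD values under the same key and reads them back.

```powershell
# Added example: scripted form of steps 1-7 above. Run from an elevated prompt.
function Set-SchannelProtocolState {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$Protocol,                   # e.g. 'TLS 1.0'
        [ValidateSet('Client', 'Server')][string]$Role = 'Client', # the answer uses Client
        [Parameter(Mandatory)][bool]$Enabled
    )
    $base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
    $key  = Join-Path (Join-Path $base $Protocol) $Role

    # Steps 1-2: create Protocols\<Protocol>\<Role> only if it is missing,
    # so values already present under an existing key are left alone.
    if (-not (Test-Path -LiteralPath $key)) {
        if ($PSCmdlet.ShouldProcess($key, 'Create registry key')) {
            New-Item -Path $key -Force | Out-Null
        }
    }

    # Steps 3-5 and 7: the two DWORD values always mirror each other.
    $values = [ordered]@{
        Enabled           = [int]$Enabled
        DisabledByDefault = [int](-not $Enabled)
    }
    foreach ($name in $values.Keys) {
        if ($PSCmdlet.ShouldProcess("$key\$name", "Set DWORD to $($values[$name])")) {
            New-ItemProperty -LiteralPath $key -Name $name -Value $values[$name] `
                -PropertyType DWord -Force | Out-Null
        }
    }

    # Read back what is now stored so the change can be checked.
    Get-ItemProperty -LiteralPath $key -Name Enabled, DisabledByDefault -ErrorAction SilentlyContinue |
        Select-Object Enabled, DisabledByDefault
}

# Preview without writing anything:
#   Set-SchannelProtocolState -Protocol 'TLS 1.0' -Role Client -Enabled $false -WhatIf
# Apply (step 7, disable), then restart so Schannel picks up the change:
#   Set-SchannelProtocolState -Protocol 'TLS 1.0' -Role Client -Enabled $false
```

The answer configures only the `Client` key; the `Server` key under the same protocol is a separate setting and has to be written with `-Role Server`.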

6 additional answers

  1. Peter_1985 2,546 Reputation points
    2021-07-30T03:17:14.717+00:00

    Hi,
    For SSL 1.0, SSL 2.0, and SSL 3.0, should there be client and server values, and should both values be the same?


  2. Daisy Zhou 18,956 Reputation points Microsoft Vendor
    2021-07-30T05:12:56.707+00:00

    Hello @Peter_1985 ,

    Thank you for your update and for accepting my reply as the answer.

    Beginning with Windows 10, version 1607 and Windows Server 2016, SSL 2.0 has been removed and is no longer supported.

    So my guess is that SSL 1.0 has been removed and is no longer supported, either.

    For SSL 1.0, SSL 2.0, and SSL 3.0, should there be client and server values, and should both values be the same?
    A: Yes, please see below settings.

    Enable SSL 2.0 on server
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server]
    "Enabled"=dword:00000001
    "DisabledByDefault"=dword:00000000

    Enable SSL 2.0 on client
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Client]
    "Enabled"=dword:00000001
    "DisabledByDefault"=dword:00000000

    Disable SSL 2.0 on server
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server]
    "Enabled"=dword:00000000
    "DisabledByDefault"=dword:00000001

    Disable SSL 2.0 on client
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Client]
    "Enabled"=dword:00000000
    "DisabledByDefault"=dword:00000001

    Enable SSL 3.0 on server
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server]
    "Enabled"=dword:00000001
    "DisabledByDefault"=dword:00000000

    Enable SSL 3.0 on client
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Client]
    "Enabled"=dword:00000001
    "DisabledByDefault"=dword:00000000

    Disable SSL 3.0 on server
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server]
    "Enabled"=dword:00000000
    "DisabledByDefault"=dword:00000001

    Disable SSL 3.0 on client
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Client]
    "Enabled"=dword:00000000
    "DisabledByDefault"=dword:00000001

    References
    Protocols in TLS/SSL (Schannel SSP)
    https://learn.microsoft.com/en-us/windows/win32/secauthn/protocols-in-tls-ssl--schannel-ssp-

    Managing SSL/TLS Protocols and Cipher Suites for AD FS
    https://learn.microsoft.com/en-us/windows-server/identity/ad-fs/operations/manage-ssl-protocols-in-ad-fs

    Hope the information above is helpful.

    Should you have any question or concern, please feel free to let us know.

    Best Regards,
    Daisy Zhou

    ============================================

    If the Answer is helpful, please click "Accept Answer" and upvote it

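To check the Client and Server settings listed in the answer above on a given machine, the following read-only audit reports both roles for each protocol. This is an added example, not part of the thread; the function name `Get-SchannelProtocolState` and the state labels are illustrative.

```powershell
# Added example: read-only audit of the SCHANNEL protocol keys discussed above.
function Get-SchannelProtocolState {
    param(
        [string[]]$Protocol = @('SSL 2.0', 'SSL 3.0', 'TLS 1.0'),
        [string]$Base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
    )
    foreach ($p in $Protocol) {
        $rows = foreach ($role in 'Client', 'Server') {
            $key   = Join-Path (Join-Path $Base $p) $role
            # A missing key or value yields $null here instead of an error.
            $props = Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue
            $en    = $props.Enabled
            $dbd   = $props.DisabledByDefault

            # 'Enabled' and 'Disabled' are exactly the two value pairs shown in
            # the answer; anything else is reported rather than guessed at.
            $state = if ($null -eq $en -and $null -eq $dbd) { 'NotConfigured' }
                     elseif ($en -eq 1 -and $dbd -eq 0)     { 'Enabled' }
                     elseif ($en -eq 0 -and $dbd -eq 1)     { 'Disabled' }
                     else                                   { 'Mixed' }

            [pscustomobject]@{
                Protocol          = $p
                Role              = $role
                Enabled           = $en
                DisabledByDefault = $dbd
                State             = $state
            }
        }
        # Flag protocols whose Client and Server settings differ.
        $match = ($rows[0].State -eq $rows[1].State)
        $rows | Add-Member -NotePropertyName RolesMatch -NotePropertyValue $match -PassThru
    }
}

Get-SchannelProtocolState | Format-Table -AutoSize
```

`NotConfigured` means neither value exists and the operating system default applies. The output describes registry configuration only: as the answer notes, SSL 2.0 has been removed from Windows 10 version 1607 and Windows Server 2016, so an `Enabled` row for it there does not mean the protocol can be negotiated.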