How do I enable or disable TLS in Windows Server?

TLS is a protocol used to protect network traffic. It encrypts the user’s data in transit between their computer and web server, preventing eavesdropping or tampering by third parties. If you are having problems with TLS on Windows Server, we can help!

The “how to disable tls 1.1 in windows server” is a question that has been asked many times before. The answer is simple, you should enable or disable TLS in Windows Server.

Aleksandar Ognjanovic is a writer who lives in Serbia.

Expert in Troubleshooting

Technology is Aleksandar’s major interest. With a strong literary background, he is motivated to bring cutting-edge technology to the masses. He constantly sees the next great thing around him with his acute eye… Continue reading

9th of December, 2021

Originally published in December 2019

• It’s critical to correctly activate TLS on Windows Server to achieve optimal security.
• The easiest approach to achieve this is to change a handful of registry variables.
• If you prefer the command line, PowerShell may be used to activate this capability.

You’ve come to the correct spot if you’re looking for information on how to activate or disable TLS (Transport Layer Security) on Windows Server.

Transport Layer Security 1.0 hasn’t been supported in a long time, so in addition to activating TLS 1.2, you’ll want to disable the earlier version.

It’s critical to have the most up-to-date security protocol on your Windows Server, rather than an older one with flaws, for security reasons.

As a result, we’ll teach you how to correctly activate and disable TLS in this article.

What is the TLS protocol and how does it work?

TLS is a cryptographic protocol that encrypts data sent between a client and a web server, making it impossible for a third party to read it.

It also offers authentication and integrity protection, guaranteeing that the data, as well as the server and client, are legitimate.

There are four versions of TLS available, with 1.3 being the most recent and safest. For optimal security, use it in conjunction with a reputable antivirus for Windows Server.

On Windows Server, how do I activate TLS 1.0?

NOTE

TLS 1.0 is seen as insecure. Instead, if feasible, use the 1.2 or newer version.

1. Enter regedit by pressing Windows key + R. Now hit the Enter key.
2. Make your way to the following key: HKLMSYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocols
3. Expand the New section and pick Key by right-clicking the right pane.
4. Change the name of the new key to TLS 1.0 and use it.
5. Move to Client, a new key you’ve created.
6. Select DWORD (32-bit) Value from the New menu by right-clicking the right pane.
7. Double-click the new DWORD Enabled to open its attributes and give it a name.
8. To save your changes, set the Value data to 1 and click OK.

On Windows Server, how do I activate TLS?

1. Modify the registry to enable TLS 1.2 on Windows Server.

1. If you’re using Windows Server 2008, you’ll want to read this Microsoft article on the required upgrade to enable TLS 1.2. Follow the procedures below once you’ve installed the updates.
2. By hitting Windows key + R and typing regedit, you may access the Registry Editor.
3. We highly advise backing up the current register state since we are working with registration. Changes to the registry that are made incorrectly might have a negative impact on your system.
4. After we’ve taken care of it, continue this path: Computer HKEY LOCAL MACHINESYSTEM CurrentControlSetControlSecurityProvidersSCHANNELProtocols
5. Choose New and then Key from the right-click menu on the empty spot in the right pane.
6. TLS 1.2 is the name of the new key, and you may enlarge it by clicking on it.
7. Navigate to TLS 1.2 and add two new keys to the empty area in the right pane. The first one will be called Client, while the second will be called Server. This is how it should seem.
8. Select the Client key, right-click in the right pane, and choose New, then DWORD (32-bit) Value from the menu.
9. Double-click the DWORD DisabledByDefault and give it a new name.
10. Ascertain that the Base is Hexadecimal and that the value is zero (zero).
11. Double-click Enabled to create a new DWORD with the name Enabled.
12. Make sure the Base is Hexadecimal again, and the Value is set to 1.
13. Replace the DWORDS and values for the Server key with the identical ones.
14. Restart your server after closing the Registry Editor.
15. Simply restore the Registry state from the backup if you wish to go back to the default settings.

It’s a good idea to utilize trustworthy backup software for Windows Server to prevent any unanticipated complications.

2. On Windows Server, use Powershell to enable TLS 1.2.

1. Select Windows PowerShell (Admin) from the menu by pressing Windows key + X.
2. Run the following commands in PowerShell once it is opened: HKLM:SYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsTLS 1.2Server -Force New-Item HKLM:SYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsTLS 1.2Client -Force New-Item HKLM:SYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsTLS 1.2Server’ -name ‘Enabled’ -value ‘1’ –PropertyType ‘DWORD’ New-ItemProperty -Path ‘HKLM:SYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsTLS 1.2Server’ -name ‘ ‘HKLM:SYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsTLS 1.2Server’ -name ‘DisabledByDefault’ -value ‘0’ –PropertyType ‘DWORD’ New-ItemProperty -Path ‘HKLM:SYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsTLS 1.2Server’ ‘HKLM:SYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsTLS 1.2Client’ -name ‘Enabled’ -value ‘1’ –PropertyType ‘DWORD’ New-ItemProperty -Path ‘HKLM:SYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsTLS 1.2Client’ – HKLM:SYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsTLS 1.2Client’ -name ‘DisabledByDefault’ -value ‘0’ –PropertyType ‘DWORD’ New-ItemProperty -Path ‘HKLM:SYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsTLS 1.2Client

3. Turn off TLS 1.0 and 1.1.

1. Open the Registry Editor program. To do so, hit Windows key + R and type regedit into the search box.
2. Go to the Computer tab. HKEY LOCAL MACHINESYSTEM CurrentControlSetControlSecurityProvidersSCHANNELProtocols
3. Select Protocols and right-click the empty spot in the right pane. Now pick New and DWORD (32-bit) Value from the drop-down menu.
4. As previously said, create a new key and call it TLS 1.1. You may also construct one called TLS 1.0.
5. Create a new TLS 1.1 key named Client by navigating to the TLS 1.1 key. If you like, you may also generate a Server key.
6. Make a new DWORD called Enabled in the key you just generated.
7. Select the Enabled DWORD and double-click it. Change the value to 0 and save the changes.

Is there a utility that allows Windows Server to use TLS 1.2?

1. ISS Cryptio GUI may be downloaded here.
2. Run the program when you’ve downloaded it.
3. TLS 1.2 should be checked, and then Apply should be clicked.

On Windows Server, how do I activate TLS 1.3?

1. Check to see whether you’re using Windows Server 2022.
2. Enter command prompt by pressing Windows key + S. Choose Run as administrator from the drop-down menu.
3. Execute the command below: /v EnableHttp3 /t REG DWORD /d 1 /f reg add “HKEY LOCAL MACHINESYSTEMCurrentControlSetservicesHTTPParameters”

That’s how you can turn on or off TLS on Windows Server. TLS 1.2 is enabled and TLS 1.0 is easily removed with those actions.

All of these options involve you to make changes to your registry, so make a backup first. For more detail, we recommend reading our article on how to restore Windows registry without a backup.

What technique do you use on Windows Server to activate TLS 1.2? Please share your thoughts in the comments box below.

Was this page of assistance to you? 2

Thank you very much!

There are insufficient details It’s difficult to comprehend Other Speak with a Professional

There are 3 responses to this post.

Watch This Video-

The “disable tls 1.0 windows server 2019” is a question that has been asked many times before. The answer to the question can be found by following the instructions in the article titled “How do I enable or disable TLS in Windows Server?”

Frequently Asked Questions

How do I enable TLS on Windows Server?

A: To enable TLS on an IIS server, open the Server Manager applet in Windows Server. Click on Web Servers. Scroll down to find your web server and click its name. Under TLS/SSL settings, check the box that says Require secure communications.Click Apply Changes button at the bottom of this window.

How do you check TLS is enabled or not in Windows Server?

A: You can use the following command to see if TLS is enabled or not.

How do I enable TLS on Windows Server 2019?

A: You would have to enable the TLS protocol manually by editing your INI file, typically located at C:\Windows\System32\inetsrv.ini

Related Tags

• how to check tls version on windows server
• disable tls 1.0 windows server
• how to disable tls 1.0 on windows server 2016
• disable tls 1.0 and 1.1 on windows server
• windows server 2019 tls 1.2 enabled by default