How do I disable TLS on Windows Server?

Step 1: Navigate to "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols". Create a key named "TLS 1.1" with two DWORDs for both TLS 1.0 & 1.1: "DisabledByDefault=1" & "Enabled=0".

How do I disable TLS connection?

Open registry on your server by running regedit in the run window. Navigate to the below location: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols . Now change DWORD values under Server and Client under TLS 1.0: DisabledByDefault [Value = 0] and Enabled [Value = 0] .

How to check TLS version on Windows server?

- Press the Windows key + R to start Run, type regedit, and press Enter or click OK . -If you can't find any of the keys or if their values are not correct, then TLS 1.2 is not enabled. I hope this information helps. If you have any questions please let me know and I will be glad to help you out.

Is it safe to disable TLS?

Disabling TLS 1.0 and TLS 1.1 on your server will protect your server and your clients from these vulnerabilities . However, if you have clients that support TLS 1.0 and/or TLS 1.1, but not TLS 1.2, then these clients will not be able to connect to your server if you disable TLS 1.0 and TLS 1.1.

How do I disable SSL verification?

Disable Universal SSL certificate Select your domain. Go to SSL/TLS > Edge Certificates . For Disable Universal SSL, select Disable Universal SSL. Read the warnings in the Acknowledgement.

How do I disable the older versions of TLS desktop central?

Disable older TLS versions From your console, navigate to Admin tab -> Security Settings -> Disable the older forms of TLS .

Is Microsoft disabling TLS?

The internet standards and regulatory bodies have deprecated or disallowed TLS versions 1.0 and 1.1 due to several security issues . Starting with Windows 11 Insiders Preview and Windows Server Insiders Preview releases in 2024, they will be disabled by default.

5 Ways to Enable or Disable TLS on Windows Server (2024)

Readers help support Windows Report. When you make a purchase using links on our site, we may earn an affiliate commission.

Read the affiliate disclosure page to find out how can you help Windows Report effortlessly and without spending any money. Read more

If you were wondering how to enable or disable TLS (Transport Layer Security) on Windows Server, you are at the right place.

Transport Layer Security 1.0 hasn’t been supported for a while, so what you also want to do, besides enabling the latest TLS 1.2, is disabling the older version as well.

How do I know if TLS 1.2 is enabled on Windows Server?

Press the Windows key + R to start Run, type regedit, and press Enter or click OK.
Now go to the following key and check it. If it’s present, the value should be 0: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client\DisabledByDefault
Also, check the following key. If you find it, its value should be 1: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client\Enabled
If you can’t find any of the keys or if their values are not correct, then TLS 1.2 is not enabled.

How does TLS work?

TLS is a cryptographic protocol that encrypts the data between the client and a web server, thus protecting it from being viewed by a third party.

It also provides you with authentication and integrity protection, ensuring that the data and both the server and client are genuine.

There are four versions of TLS available, with the latest and safest one being 1.3, so be sure to use it along with reliable antivirus for Windows Server for maximum protection.

How do Ienable TLS 1.0 on Windows Server?

NOTE

TLS 1.0 is considered unsafe. If possible, use the 1.2 or newer version instead.

Press Windows key + R and enter regedit. Now press Enter.
Navigate to the following key: HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols
Right-click the right pane, expand the New section and select Key.
Name the new key TLS 1.0 and move to it.
Create a new key called Client and move to it.
Now right click the right pane, and select DWORD (32-bit) Value from the New menu.
Name the new DWORD Enabled and double-click it to open its properties.
Set the Value data to 1 and click OK to save changes.

Although the solution above helps you with this old version we recommend the Windows Server disable TLS 1.0 and get the newer version.

How can I enable TLS on Windows Server?

1. Enable TLS 1.2 on Windows Server by modifying the registry

If you are running Windows Server 2008, check this Microsoft’s article regarding the necessary update in order to enable TLS 1.2. Once you’ve installed updates, move to the steps below.
Open Registry Editor by pressing Windows key + R and entering regedit.
Since we are dealing with registry, we strongly suggest backing up the current registry state. Incorrect changes to the registry might have detrimental effects on your system.
Once we’ve dealt with that, follow this path:
Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols
Right-click on the empty space in the right pane and choose New and then Key.
Name the new key TLS 1.2 and click to expand it.
Navigate to TLS 1.2, click on the empty space in the right pane and add two new keys. Name the first one Client and the second one Server. It should look like this.
Now, select the Client key, right-click in the right pane and select New and then DWORD (32-bit) Value.
Name the DWORD DisabledByDefault, and double-click it.
Ensure that the Base is Hexadecimal and the value is 0 (zero).
Create a new DWORD and name it Enabled and double-click it.
Ensure that the Base is, again, Hexadecimal and the Value is set to 1.
Repeat this for the Server key with the exactly the same DWORDS and values.
Close the Registry Editor and reboot your server.
If you want to revert back to the initial settings, just restore the Registry state from the backup.

To avoid any unplanned issues, it might be a good idea to use reliable backup software for Windows Server.

2. Enable TLS 1.2 with Powershell on Windows Server

Press Windows key + X and select Windows PowerShell (Admin) from the menu.
When PowerShell opens, run the following commands:
New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server' -Force New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client' -Force New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server' -name 'Enabled' -value '1' –PropertyType 'DWORD' New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server' -name 'DisabledByDefault' -value '0' –PropertyType 'DWORD' New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client' -name 'Enabled' -value '1' –PropertyType 'DWORD' New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client' -name 'DisabledByDefault' -value '0' –PropertyType 'DWORD'

So, by applying these commands you trigger Windows Server to enable TLS 1.2 using PowerShell.

3. Disable TLS 1.0 and TLS 1.1

Open Registry Editor. To do that, press Windows key + R and enter regedit.
Navigate to Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols
Select Protocols and in the right pane, right-click the empty space. Now choose New and select DWORD (32-bit) Value.
Create a new key as already explained, and name it TLS 1.1. You can create the one named TLS 1.0 as well.
Navigate to the TLS 1.1 key and create a new key called Client. You can also create a Server key if you want
Navigate to the key you created, and make a new DWORD named Enabled.
Dobule-click the Enabled DWORD. Set its value to 0 and confirm changes.

Is there any tool to enable TLS 1.2 on Windows Server?

Download ISS Cryptio GUI.
Once you download the application, run it.
Check TLS 1.2 and click on Apply.

How to enable TLS 1.3 on Windows Server?

Make sure you’re using Windows Sever 2022.
Press Windows key + S and enter command prompt. Select Run as adminsitrator.
Run the following command:
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\HTTP\Parameters" /v EnableHttp3 /t REG_DWORD /d 1 /f

Is TLS 1.2 enabled on Windows Server 2016?

The good news is that starting with Windows Server 2016, TLS 1.2 is supported by default for WSUS.

In other words, there is no need to enable TLS 1.2 on Windows Server 2016 or Windows Server 2019.

Therefore, you only need to update TLS 1.2 on Windows Server 2012 and Windows Server 2012 R2 WSUS servers.

That’s how to enable or disable TLS on Windows Server. With those steps, TLS 1.2 is enabled and TLS 1.0 disabled with ease.

All of these solutions require you to modify your registry, so be sure to create a backup beforehand. Also, we advise you to check our guide on how to restore Windows registry without a backup for more information.

What method do you use to enable TLS 1.2 on Windows Server? Let us know in the comments section below.