How to disable TLS 1.0
Posted on 29 February 2016 by Beaming Support
Disabling TLS 1.0 is often a requirement for PCI compliance scanning. This article explains how to disable TLS 1.0 to meet PCI compliance.
Before you disable TLS 1.0, make sure to read the NB. Our instructions follow.
NB –
Back up your current registry set / System State [virtual machine snapshot]
If you run a Terminal Server / RDP, read the important points regarding the Windows 7 patch to ensure RDP will work for these clients, and note it will cease working for any earlier OS. Ensure Terminal Server is set to allow / negotiate authentication so TLS 1.1 / 1.2 can be used.
Check with your software suppliers that TLS 1.0 is not required for any communication of their software before implementing.
If your server is open to the world and cannot be locked down by source IP restrictions, a strong VPN, or a gateway device placed in front of it before TLS 1.0 communication is initiated, then you can disable TLS 1.0 as follows:
1. If using a legacy OS [Windows 7] ensure KB3080079 is installed to add support for TLS 1.1 / 1.2
2. Within the registry, navigate to the following location:
HKEY_LOCAL_MACHINE
SYSTEM
CurrentControlSet
Control
SecurityProviders
SCHANNEL
Protocols
TLS 1.0 (Create if it does not exist)
Server (Create if it does not exist)
Then, under Server, create the DWORD values DisabledByDefault set to 1 and Enabled set to 0
3. Then reboot the server for this change to take effect.
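The three steps above as a script, added here as an example and not Beaming's own code: run from an elevated PowerShell prompt, it backs up the Schannel Protocols key, checks the Windows 7 patch, then writes the two values under HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server. The backup file location and the TLS 1.2 pre-check are assumptions of this example.

```powershell
# Added example: disable the TLS 1.0 server side in Schannel (run elevated).
$sub        = 'SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
$protocols  = "HKLM:\$sub"
$serverKey  = Join-Path $protocols 'TLS 1.0\Server'
# Assumed backup location; change it to suit your own backup policy.
$backupFile = Join-Path $env:TEMP ("schannel-protocols-{0:yyyyMMdd-HHmmss}.reg" -f (Get-Date))

# NB: back up the Protocols subtree so the change can be rolled back with "reg import".
& reg.exe export "HKLM\$sub" $backupFile /y | Out-Null
if ($LASTEXITCODE -ne 0) { throw "Registry backup failed; nothing was changed." }

# Step 1: Windows 7 reports version 6.1 and needs KB3080079 for TLS 1.1 / 1.2.
$ver = [Environment]::OSVersion.Version
if ($ver.Major -eq 6 -and $ver.Minor -eq 1) {
    if (-not (Get-HotFix -Id 'KB3080079' -ErrorAction SilentlyContinue)) {
        throw "KB3080079 is not installed; install it before disabling TLS 1.0."
    }
}

# Assumed extra check: stop if TLS 1.2 has been explicitly disabled for the server role.
$tls12 = Get-ItemProperty -Path (Join-Path $protocols 'TLS 1.2\Server') -ErrorAction SilentlyContinue
if ($tls12 -and $tls12.Enabled -eq 0) {
    throw "TLS 1.2 (server) is disabled in the registry; enable it first."
}

# Step 2: create "TLS 1.0\Server" if it does not exist, then set both DWORD values.
if (-not (Test-Path $serverKey)) {
    New-Item -Path $serverKey -Force | Out-Null
}
New-ItemProperty -Path $serverKey -Name 'DisabledByDefault' -Value 1 -PropertyType DWord -Force | Out-Null
New-ItemProperty -Path $serverKey -Name 'Enabled' -Value 0 -PropertyType DWord -Force | Out-Null

# Read the values back so a failed write is caught before the reboot.
$set = Get-ItemProperty -Path $serverKey
if ($set.DisabledByDefault -ne 1 -or $set.Enabled -ne 0) {
    throw "Verification failed; restore with: reg import `"$backupFile`""
}

# Step 3: the change only takes effect after a reboot.
Write-Output "TLS 1.0 (server) disabled. Backup saved to $backupFile. Reboot the server to apply."
```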