Ensure TLS 1.0 is Disabled

Details

The PCI Data Security Standard 3.1 recommends disabling ‘early TLS’ along with SSL:

SSL and early TLS are not considered strong cryptography and cannot be used as a security control after June 30, 2016.

Rationale:

Disabling weak protocols will help ensure the confidentiality and integrity of in-transit data.

Solution

Perform the following to disable TLS 1.0:
Set the following registry values to 0:
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server:Enabled
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client:Enabled

Set the following registry values to 1:
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server:DisabledByDefault
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client:DisabledByDefault

To disable TLS 1.0 using PowerShell, enter the following commands:
New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server' -Force | Out-Null

New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client' -Force | Out-Null

New-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server' -name 'Enabled' -value '0' -PropertyType 'DWord' -Force | Out-Null

New-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client' -name 'Enabled' -value '0' -PropertyType 'DWord' -Force | Out-Null

New-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server' -name 'DisabledByDefault' -value '1' -PropertyType 'DWord' -Force | Out-Null

New-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client' -name 'DisabledByDefault' -value '1' -PropertyType 'DWord' -Force | Out-Null
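
To confirm the settings above are in place, the following added PowerShell check (an example written for this page, not part of the original article) reads the four registry values and flags any that are missing or differ from the expected setting. The function name Test-Tls10Disabled is hypothetical.

```powershell
# Added example: audit the four SCHANNEL values this control sets.
# Test-Tls10Disabled is a hypothetical helper name, not a built-in cmdlet.
$base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0'
$expected = [ordered]@{ Enabled = 0; DisabledByDefault = 1 }

function Test-Tls10Disabled {
    param([string]$BasePath = $base)

    foreach ($role in 'Server', 'Client') {
        $key = Join-Path $BasePath $role
        foreach ($name in $expected.Keys) {
            # A missing key or value leaves SCHANNEL on the OS default,
            # so treat it as non-compliant instead of assuming "disabled".
            $actual = $null
            if (Test-Path -LiteralPath $key) {
                $item = Get-ItemProperty -LiteralPath $key -Name $name -ErrorAction SilentlyContinue
                if ($null -ne $item) { $actual = $item.$name }
            }

            $shown = '<not set>'
            if ($null -ne $actual) { $shown = $actual }

            [pscustomobject]@{
                Role      = $role
                Value     = $name
                Expected  = $expected[$name]
                Actual    = $shown
                Compliant = ($null -ne $actual) -and ($actual -eq $expected[$name])
            }
        }
    }
}

$report = @(Test-Tls10Disabled)
$report | Format-Table -AutoSize

if ($report.Compliant -contains $false) {
    Write-Warning 'TLS 1.0 is not fully disabled on this host.'
    exit 1
}
Write-Output 'TLS 1.0 is disabled for both Server and Client roles.'
```

SCHANNEL protocol changes take effect after a restart, so a passing result confirms the configuration is written, not that running services have already picked it up.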

Supportive Information

The following resource is also helpful.

This security hardening control applies to the following category of controls within NIST 800-53: System and Communications Protection. This control applies to the following type of system: Windows.

References

Source

Updated on July 16, 2022