Site Overlay

Turn off Insecure TLS Versions

Turn off Insecure TLS Versions

TLS 1.0 UNRELIABLE TLS 1.1 UNTRUSTED

TLS versions that are secure

Trusted TLS versions for April 27, 2022 and earlier TLS
1.2 TRUSTED TLS 1.3 TRUSTED

Turn off the insecure TLS version

Open the Regedit page and navigate to the following path.

HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocols

Create a new "Key" and make it named TLS 1.0.

Create a new "Key" into the TLS 1.0 "Key" you created and type "Client" into it

Make the name of the drow32 bit build "Enabled".

Set its value to 0 and "Decimal".

In the same way, create a key called "Server" and create an "Enabled" drow value as above and set it to "0" "Decimal".

image 2
Configuration of TLS 1.0 Client KEY
image 3
Configuration of TLS 1.0 Server KEY

Turning Off Unsecured TLS SSL Ciphers

Open the Regedit page and navigate to the following path.

HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSecurityProvidersSCHANNELCiphers

Create the new "keys" as follows

image 4
Create the same REG_DWORD values for each KEY

Turn off KeyExchangeAlgorithms for insecure TLS

Open the Regedit page and navigate to the following path.

HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSecurityProvidersSCHANNELKeyExchangeAlgorithms

Create the new "keys" as follows

How to Be Sure You're Turning It Off

Install Kali machine in your environment.

sslscan 10.196.1.103:3389 scan the vulnerable machine and you will see that TLS 1.0 will be disabled in the list and will not come.

image
Clarity of vulnerability
image 1
Termination of vulnerability

You can disable all other TLS versions in this way.

If you want to make regedit configurations manually, you can access the REG files below. Windows 7 has also been tested.

Best regards
Arif Akyüz

Other things I can help you with