Enable TLS and disable SSL and ciphers on Windows Server 2008 R2

Disable Ciphers

To disable weak ciphers such as DES, RC2 and RC4:

Browse to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers

· Right-click the Ciphers folder, select New – Key, and create a key named DES 56/56.

· Create new keys for NULL, RC2 56/128, RC2 128/128, RC2 40/128, RC4 128/128, RC4 40/128, RC4 56/128, RC4 64/128, Triple DES 168.

· Right-click each new key and select New – DWORD (32-bit) Value, name it Enabled, and set the value to 0.

Now all the above ciphers have been disabled.

To disable SSL and enable TLS Settings

Browse to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols

· Create new keys under the Protocols folder named SSL 2.0, SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2.

· Create subkeys named Client and Server under each key created in the step above.

Disable SSL

· SSL 2.0 – Client

o Right-click Client, select New – DWORD (32-bit) Value, name it DisabledByDefault, value 1.

o Right-click Client, select New – DWORD (32-bit) Value, name it Enabled, value 0.

· SSL 2.0 – Server

o Right-click Server, select New – DWORD (32-bit) Value, name it DisabledByDefault, value 1.

o Right-click Server, select New – DWORD (32-bit) Value, name it Enabled, value 0.

· SSL 3.0 – Client

o Right-click Client, select New – DWORD (32-bit) Value, name it DisabledByDefault, value 1.

o Right-click Client, select New – DWORD (32-bit) Value, name it Enabled, value 0.

· SSL 3.0 – Server

o Right-click Server, select New – DWORD (32-bit) Value, name it DisabledByDefault, value 1.

o Right-click Server, select New – DWORD (32-bit) Value, name it Enabled, value 0.

Enable TLS

· TLS 1.0 – Client

o Right-click Client, select New – DWORD (32-bit) Value, name it DisabledByDefault, value 0.

o Right-click Client, select New – DWORD (32-bit) Value, name it Enabled, value 1.

· TLS 1.0 – Server

o Right-click Server, select New – DWORD (32-bit) Value, name it DisabledByDefault, value 0.

o Right-click Server, select New – DWORD (32-bit) Value, name it Enabled, value 1.

· TLS 1.1 – Client

o Right-click Client, select New – DWORD (32-bit) Value, name it DisabledByDefault, value 0.

o Right-click Client, select New – DWORD (32-bit) Value, name it Enabled, value 1.

· TLS 1.1 – Server

o Right-click Server, select New – DWORD (32-bit) Value, name it DisabledByDefault, value 0.

o Right-click Server, select New – DWORD (32-bit) Value, name it Enabled, value 1.

· TLS 1.2 – Client

o Right-click Client, select New – DWORD (32-bit) Value, name it DisabledByDefault, value 0.

o Right-click Client, select New – DWORD (32-bit) Value, name it Enabled, value 1.

· TLS 1.2 – Server

o Right-click Server, select New – DWORD (32-bit) Value, name it DisabledByDefault, value 0.

o Right-click Server, select New – DWORD (32-bit) Value, name it Enabled, value 1.

After applying the above changes, REBOOT the server for the changes to take effect.
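
The same cipher and protocol settings can be scripted instead of clicked through in regedit. The PowerShell below is an added example, not part of the original post; it assumes an elevated PowerShell session, and Set-SchannelDword is a hypothetical helper name. It goes through the .NET registry API because the cipher key names contain "/".

```powershell
# Added example. Run from an elevated prompt, then reboot as described above.
$base  = 'SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL'
$hklm  = [Microsoft.Win32.Registry]::LocalMachine
$dword = [Microsoft.Win32.RegistryValueKind]::DWord

# Cipher key names from the steps above.
$ciphers = 'DES 56/56', 'NULL', 'RC2 56/128', 'RC2 128/128', 'RC2 40/128',
           'RC4 128/128', 'RC4 40/128', 'RC4 56/128', 'RC4 64/128', 'Triple DES 168'

# Protocol -> enabled? ($false = disable), matching the steps above.
$protocols = @{ 'SSL 2.0' = $false; 'SSL 3.0' = $false
                'TLS 1.0' = $true;  'TLS 1.1' = $true; 'TLS 1.2' = $true }

# Set-SchannelDword is a hypothetical helper name, not a built-in cmdlet.
function Set-SchannelDword([string]$Parent, [string]$Leaf, [string]$Name, [int]$Value) {
    # The PowerShell registry provider treats "/" in 'DES 56/56' as a path
    # separator and would create nested keys, so the leaf key is created
    # through the .NET RegistryKey API, which only splits on "\".
    $p = $hklm.CreateSubKey("$base\$Parent")   # opens the key if it exists
    $k = $p.CreateSubKey($Leaf)
    try { $k.SetValue($Name, $Value, $dword) }
    finally { $k.Close(); $p.Close() }
}

foreach ($c in $ciphers) { Set-SchannelDword 'Ciphers' $c 'Enabled' 0 }

foreach ($proto in $protocols.Keys) {
    $on = $protocols[$proto]
    foreach ($role in 'Client', 'Server') {
        Set-SchannelDword "Protocols\$proto" $role 'Enabled' ([int]$on)
        Set-SchannelDword "Protocols\$proto" $role 'DisabledByDefault' ([int](-not $on))
    }
}

# Read the protocol values back so they can be checked before the reboot.
foreach ($proto in ($protocols.Keys | Sort-Object)) {
    foreach ($role in 'Client', 'Server') {
        $k = $hklm.OpenSubKey("$base\Protocols\$proto\$role")
        '{0}\{1}: Enabled={2} DisabledByDefault={3}' -f $proto, $role,
            $k.GetValue('Enabled'), $k.GetValue('DisabledByDefault')
        $k.Close()
    }
}
```

Re-running the script is safe, since CreateSubKey opens a key that already exists and SetValue overwrites the DWORD in place.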
