How to disable TLS 1.0 in Windows 2012 RDP

Disabling TLS is a system-wide registry setting:

https://technet.microsoft.com/en-us/library/dn786418.aspx#BKMK_SchannelTR_TLS10

Key: HKLM SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server  
Value: Enabled  
Value type: REG_DWORD
Value Data: 0

Also, the PCI requirement for disabling early TLS does not go into effect until June 30, 2016.

Internet Explorer is one product I know of that has a separate configuration option for the TLS/SSL encryption settings. There may be others.

I have a Windows 2012 R2 server with TLS 1.0 disabled and I can remote desktop to it.

If you are wondering, below is a screenshot of tsconfig.msc on a Windows 2008 R2 server that has KB3080079 installed. There's nothing to configure because the only thing the update did was add support for the other two TLS encryption levels so that when TLS 1.0 is disabled it continues to work.

enter image description here

How to disable TLS 1.0 in Windows 2012 RDP

Tags:

Windows

Rdp

Windows Server 2012

Tls

Related

Recent Posts