Disable SSL 2.0/3.0 and TLS 1.0/1.1

Disable SSL 2.0/3.0 and TLS 1.0/1.1

Learn to disable SSL and weak TLS versions like 1.0 and 1.1

Remove unwanted Windows applications
Moving files up a folder level
Remove Windows Bloatware
function disable-ssl-2.0 {
  New-Item 'HKLM:\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\Protocols\\SSL 2.0\\Server' -Force
  New-ItemProperty -Path 'HKLM:\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\Protocols\\SSL 2.0\\Server' -Name Enabled -Value 0 –PropertyType DWORD
  Write-Host "Disabling SSLv2"
}

function disable-ssl-3.0 {
  New-Item 'HKLM:\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\Protocols\\SSL 3.0\\Server' -Force
  New-ItemProperty -Path 'HKLM:\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\Protocols\\SSL 3.0\\Server' -Name Enabled -Value 0 –PropertyType DWORD
  Write-Host "Disabling SSLv3"
}

function disable-tls-1.0 {
  New-Item “HKLM:\\System\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\PROTOCOLS” –Name “TLS 1.0”
  New-Item “HKLM:\\System\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\PROTOCOLS\\TLS 1.0” –Name SERVER
  New-ItemProperty “HKLM:\\System\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\PROTOCOLS\\TLS 1.0\\SERVER” –Name Enabled –Value 0 –Type DWORD
  Write-Host "Disabling TLSv1.0"
}

function enable-tls-1.1 {
  New-Item 'HKLM:\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\Protocols\\TLS 1.1\\Server' -Force
  New-Item 'HKLM:\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\Protocols\\TLS 1.1\\Client' -Force
  New-ItemProperty -Path 'HKLM:\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\Protocols\\TLS 1.1\\Server' -Name 'Enabled' -Value '0xffffffff' –PropertyType DWORD
  New-ItemProperty -Path 'HKLM:\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\Protocols\\TLS 1.1\\Server' -Name 'DisabledByDefault' -Value 0 –PropertyType DWORD
  New-ItemProperty -Path 'HKLM:\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\Protocols\\TLS 1.1\\Client' -Name 'Enabled' -Value 1 –PropertyType DWORD
  New-ItemProperty -Path 'HKLM:\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\Protocols\\TLS 1.1\\Client' -Name 'DisabledByDefault' -Value 0 –PropertyType DWORD
  Write-Host "Enabling TLSv1.1"
}

function enable-tls-1.2 {
  New-Item 'HKLM:\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\Protocols\\TLS 1.2\\Server' -Force
  New-Item 'HKLM:\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\Protocols\\TLS 1.2\\Client' -Force
  New-ItemProperty -Path 'HKLM:\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\Protocols\\TLS 1.2\\Server' -Name 'Enabled' -Value '0xffffffff' –PropertyType DWORD
  New-ItemProperty -Path 'HKLM:\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\Protocols\\TLS 1.2\\Server' -Name 'DisabledByDefault' -Value 0 –PropertyType DWORD
  New-ItemProperty -Path 'HKLM:\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\Protocols\\TLS 1.2\\Client' -Name 'Enabled' -Value 1 –PropertyType DWORD
  New-ItemProperty -Path 'HKLM:\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\Protocols\\TLS 1.2\\Client' -Name 'DisabledByDefault' -Value 0 –PropertyType DWORD
  Write-Host "Enabling TLSv1.2"
}

disable-ssl-2.0
disable-ssl-3.0
disable-tls-1.0
enable-tls-1.1
enable-tls-1.2

 

COMMENTS

WORDPRESS: 0