Windows Server - How to Enable TLS 1.2 Registry Script (Disable TLS 1.0, 1.1, RC4, SSL 2.0, 3.0, DH)

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

hi so according to the security standards console June 30th is actually the deadline to get rid of a lot of the obsolete security protocols on your servers so that includes TLS 1.2 the ssl 2.0 and 3.0 so i have a script here that you can run that i will actually do that so i'm gonna show you what that script does so first off i actually tested my site using SSL labs and i'll have these links and also the script in the description area for your download and my site is the package finder and when I run it what I got was a B and I have some weaknesses here the duffy defi Hillman exchange caps my score out of B and I have SSL 3.0 actually enabled and also some ciphers here are C for ciphers that are also obsolete and after running my script which I'll show you in a bit I got all A's so let me go ahead and actually show you exactly what I did here so I have this script that creates entries in the registry so I'm just going to hit edit and you'll see this script creates the TLS 1.2 and test TLS 1.1 and also the 2.0 and 3.0 and it disables those on the server it also has the diffie-hellman and what it does is it creates a minimal key length for that which is actually in I think it's 24 80 2048 length bit length in decimal and these are the rc4 which I am basically disabling so how does that look on the in the registry after I've run it so it creates these in the in the registry here and you can see these are the keys it's local machine system currentcontrolset control security providers and s channel you'll see under ciphers it disables these so you'll see enabled Kiso so once you run this and all you have to do is double click but first you have to bring up the registry just to double check so when I double click on this it's simply going to prompt you to add these entries in the registry and after I push ok it's gonna have these registry settings now I've already added them so it's not going to add them and you'll notice for 2.0 I have it disabled by default and also the 3.0 disabled by default so if you go back and you look at my scores you'll notice this is a score of an A and I have the 1.2 enabled now the 1.3 is still under approval so it is actually not available yet the 1.2 is enabled the 1.1 and for backwards compatibility the 1.0 is also enable here and I have the SSL three and the SSL to disable and so there you go and I will have these in the description area of this video so look for all of these links there now I also want to mention if you need TSL 1.2 support for sequel server I will also have a link in the description area where you could download that that update so it's just kb three one three five two four four and also for if you have the vulnerable issue and a sequel sir I mean a Windows Server 2008 you could also download that in the description area also so look for this script as well as the other links in the description area and I hope this helped and uh please subscribe I thank you for watching

Info

Channel: CodeCowboyOrg

Views: 64,514

Rating: undefined out of 5

Keywords: TLS 1.0, Windows Server, Security Fix, Security Vulnerability, Registry Settings, TLS 1.2, TLS 1.3, SSL 2.0, Enable, Disable, SSL 3.0, SSL 2, SSL 3, diffie hellman, RC4, Registry, Windows Security Patch, How to Fix, Windows 2008 R2, Windows 2012, Windows 2016, how to enable, how to disable, Grade A

Id: vUuR_M3biDU

Channel Id: undefined

Length: 4min 21sec (261 seconds)

Published: Mon May 14 2018