TLS (Transport Layer Security) is used to sent data over internet securely as encrypted data to ensure hackers are unable to see what you transmitted. But, you need to select correct TLS version for your websites. If you use older versions of TLS, it is not secure to use it for sending data. Otherwise, your site would be exposed to cyber attacks such as POODLE,BEAST and many more. If you find your hosting server is vulnerable due to older TLS versions, you can disable it by modifying registry values. This blog explains how to disable TLS 1.0 via a PowerShell script.
This script would check for the available keys in 'HKLM:\SYSTEM\ControlSet001\Control\SecurityProviders\SCHANNEL\Protocols' registry path and add new keys as TLS 1.0\Client
Add another key as TLS 1.0\Server
Finally, add DWord value to Disable both Client and Server. It adds DWord value named "Enabled" and set value as 0. Setting Enabled 0 as the DWord value would be disabling the TLS 1.0 protocol.
Find the full script as follows.
If(-Not(Test-Path -Path "HKLM:\SYSTEM\ControlSet001\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0")) { New-Item -Path "HKLM:\SYSTEM\ControlSet001\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client" -Force New-Item -Path "HKLM:\SYSTEM\ControlSet001\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server" -Force Set-ItemProperty -Path "HKLM:\SYSTEM\ControlSet001\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client" -Name Enabled -Value 0 Set-ItemProperty -Path "HKLM:\SYSTEM\ControlSet001\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server" -Name Enabled -Value 0 } else { Write-Host "TLS 1.0 is disabled" }
No comments:
Post a Comment