Zoomtutorials
  • Tutorials
    • DevOps
      • Terraform
      • Git
      • GitHub
      • Jenkins
      • Docker
      • Kubernetes
      • Ansible
      • Python
      • Azure DevOps
      • AWS DevOps
    • Cloud
      • AWS
      • Azure
      • GCP
      • Oracle Cloud
      • Alibaba Cloud
      • IBM Cloud
      • DigitalOcean
      • Linode
    • Microsoft Dynamics ERP
      • Dynamics 365
        • D365 FnO
        • D365 BC
      • Dynamics AX
      • Dynamics NAV
      • Dynamics GP
      • Dynamics CRM
    • Azure DevOps
      • Azure Boards
      • Azure Repos
      • Azure Pipelines
      • Azure Test Plans
      • Azure Artifacts
      • Extensions Marketplace
    • AWS DevOps
      • CodeStar
      • CodeCommit
      • CodeBuild
      • CodeDeploy
      • CodePipeline
      • CodeArtifact
    • Web Server
      • IIS
      • Apache
      • NGINX
      • Tomcat
      • NodeJS
    • Microsoft
      • Office 365
      • Microsoft 365
      • SharePoint
      • MS Dynamics ERP
  • Development
    • Application
      • Magento 2
      • Magento
      • WordPress
      • PHP
      • .Net
      • .Net Core
      • NodeJS
      • JAVA
    • Database
      • Microsoft SQL Server
      • MySQL
      • MariaDB
      • Amazon Aurora
      • SQL Proxy
  • HowTos
    • Linux OS
      • RHEL
      • Ubuntu
      • CentOS
      • Fedora
      • Debian
    • Linux Tips
      • Linux Commands
      • Linux Tricks
      • Linux Cheatsheet
    • Windows OS
      • Server 2019
      • Server 2016
      • Server 2012
      • Server 2008
      • Windows 11
      • Windows 10
      • Windows 8
      • Windows 7
    • Windows Tips
      • Windows Commands
      • Windows Shortcuts
  • Tools
    • Monitoring
      • New Relic
      • ELK Stack
    • Security
      • Firewall
      • Internet Security
      • Antivirus
    • Backup
      • SQL Backup
      • Iperius Backup
  • Courses
  • News
  • Submit Tutorials
  • More…
    • Services
    • Write For Us
    • Hire Us
    • Community
    • Donate ❤️
    • Contact Us
Facebook Twitter Instagram
Zoomtutorials
  • Tutorials
    • DevOps
      • Terraform
      • Git
      • GitHub
      • Jenkins
      • Docker
      • Kubernetes
      • Ansible
      • Python
      • Azure DevOps
      • AWS DevOps
    • Cloud
      • AWS
      • Azure
      • GCP
      • Oracle Cloud
      • Alibaba Cloud
      • IBM Cloud
      • DigitalOcean
      • Linode
    • Microsoft Dynamics ERP
      • Dynamics 365
        • D365 FnO
        • D365 BC
      • Dynamics AX
      • Dynamics NAV
      • Dynamics GP
      • Dynamics CRM
    • Azure DevOps
      • Azure Boards
      • Azure Repos
      • Azure Pipelines
      • Azure Test Plans
      • Azure Artifacts
      • Extensions Marketplace
    • AWS DevOps
      • CodeStar
      • CodeCommit
      • CodeBuild
      • CodeDeploy
      • CodePipeline
      • CodeArtifact
    • Web Server
      • IIS
      • Apache
      • NGINX
      • Tomcat
      • NodeJS
    • Microsoft
      • Office 365
      • Microsoft 365
      • SharePoint
      • MS Dynamics ERP
  • Development
    • Application
      • Magento 2
      • Magento
      • WordPress
      • PHP
      • .Net
      • .Net Core
      • NodeJS
      • JAVA
    • Database
      • Microsoft SQL Server
      • MySQL
      • MariaDB
      • Amazon Aurora
      • SQL Proxy
  • HowTos
    • Linux OS
      • RHEL
      • Ubuntu
      • CentOS
      • Fedora
      • Debian
    • Linux Tips
      • Linux Commands
      • Linux Tricks
      • Linux Cheatsheet
    • Windows OS
      • Server 2019
      • Server 2016
      • Server 2012
      • Server 2008
      • Windows 11
      • Windows 10
      • Windows 8
      • Windows 7
    • Windows Tips
      • Windows Commands
      • Windows Shortcuts
  • Tools
    • Monitoring
      • New Relic
      • ELK Stack
    • Security
      • Firewall
      • Internet Security
      • Antivirus
    • Backup
      • SQL Backup
      • Iperius Backup
  • Courses
  • News
  • Submit Tutorials
  • More…
    • Services
    • Write For Us
    • Hire Us
    • Community
    • Donate ❤️
    • Contact Us
Facebook Twitter Instagram YouTube LinkedIn
Zoomtutorials
Home»Tutorials»Web Server»IIS»Disabling TLS 1.0 (and All SSL Versions) and Enabling TLS 1.2 on Windows Server with Nartac IIS Crypto
IIS

Disabling TLS 1.0 (and All SSL Versions) and Enabling TLS 1.2 on Windows Server with Nartac IIS Crypto

Choudhury SBy Choudhury SJuly 2, 2018Updated:July 20, 20219 Comments2 Mins Read
Facebook Twitter Pinterest LinkedIn Tumblr Email
Share
Facebook Twitter LinkedIn Pinterest Email

Before we directly jump to the configuration part, let me first explain what is SSL/TLS. SSL and TLS are cryptographic protocols that provide authentication and data encryption between different communication endpoints (e.g., a client connecting to a web server), with SSL the predecessor to TLS. Every few years we see that the new versions of SSL/TLS is released to address the security vulnerabilities (e.g., BEAST, POODLE, DROWN) and support the strongest and most secure cipher suites. The latest being TLS 1.3, which was just approved by the IETF (Internet Engineering Task Force).

As a industry best practice, you should disable the old protocols which are vulnerable to attacks and update your servers to support the latest protocols. As of June 30, 2018, all websites will need to be on TLS 1.1 or higher in order to comply with the PCI Data Security Standard (DSS) also known as PCI compliance.

How to Check if  SSL and TLS 1.0 Protocols is still enabled on your site

In order to check whether your server still supports the vulnerable protocols, you can use Qualys SSL Server Test. Type your domain name to test and once the test is completed, scroll down to the protocols section and you’ll see a list of all the protocols and their status. Below is an example of a client site I tested and I can say that the administrator has maintained the server very badly,  since it still supports SSL 2.0, SSL 3.0, and TLS 1.0 and doesn’t support TLS 1.2. I then logged into the server and ran a GUI tool and below is the status of the protocols (which means all protocols supported by the OS is enabled), which is really bad.

iis crypto default - Disabling TLS 1.0 (and All SSL Versions) and Enabling TLS 1.2 on Windows Server with Nartac IIS Crypto
bad ssl test 768x187 - Disabling TLS 1.0 (and All SSL Versions) and Enabling TLS 1.2 on Windows Server with Nartac IIS Crypto
Enable/Disable SSL/TLS Protocols

In order to disable the old protocols (TLS 1.0 and all SSL versions), I downloaded a GUI tool named NARTAC IIS CRYPTO which comes very handy for system administrators instead of editing the registry settings. Below is a screenshot of the software used to enable/disable the protocols. After enabling/disabling the protocols, you need to apply and restart the server in order for the changes to be applied system wide.

iis crypto edit - Disabling TLS 1.0 (and All SSL Versions) and Enabling TLS 1.2 on Windows Server with Nartac IIS Crypto

After the changes is applied and system/server restarted, I again checked the site on Qualys SSL Server Test and below is the server configuration with proper protocols enabled.

good ssl test 768x191 - Disabling TLS 1.0 (and All SSL Versions) and Enabling TLS 1.2 on Windows Server with Nartac IIS Crypto
security ssl tls webserver windows
Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
Choudhury S
  • Website

Choudhury is the founder and chief editor of ZoomTutorials Blog, a leading tutorials and technology blogging site specializing in DevOps, SysAdmin and Cloud Technologies to help IT professionals in their day to day work. He is a Senior Cloud and DevOps Solutions Engineer at a leading eCommerce development Company and has more than 10+ years of Cloud, DevOps and SysAdmin experience working with Fortune 500 companies to solve their most important IT backbones. He lives in Hyderabad with his wife and a son.

Related Posts

How to Use the slmgr Command in Windows

August 27, 2021

How To Extend Windows Server Evaluation after Trial Period Expiry

August 26, 2021

Azure Web Application Firewall (WAF) Use Cases

April 15, 2020
0 0 votes
Article Rating
Subscribe
Notify of
guest
guest

This site uses Akismet to reduce spam. Learn how your comment data is processed.

9 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
wpdiscuz   wpDiscuz

Buy Me a Coffee Plz...

Get our latest tutorials
Recent Posts
  • How to Use the slmgr Command in Windows
  • How To Extend Windows Server Evaluation after Trial Period Expiry
  • List of Useful Magento 2 Commands
  • Magento 2 Commands and the Use Cases
  • MySQL and MariaDB Performance Tuning and Optimization
  • Microsoft Dynamics AX End of Support/Life
  • Magento Community read/write splitting with Database Proxy
  • Git Commands for developers and sysadmins
  • Install the git credential-oskeychain
  • Install Git on Windows, Linux and Mac
June 2022
M T W T F S S
 12345
6789101112
13141516171819
20212223242526
27282930  
« Aug    
Archives
Site Statistics
  • Visitors today : 7
  • Page views today : 8
  • Total visitors : 11,785
  • Total page view: 12,650
svg+xml;base64,PHN2ZyB2aWV3Qm94PScwIDAgMSAxJyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnPjwvc3ZnPg== - Disabling TLS 1.0 (and All SSL Versions) and Enabling TLS 1.2 on Windows Server with Nartac IIS Crypto
Facebook Twitter Instagram YouTube LinkedIn
  • Donation ❤️
  • About
  • Services
  • Submit Tutorials
  • Contact Us
  • Privacy Policy
  • Terms of Use
Copyright © 2017- 2022 by Zoomtutorials.com. All Rights Reserved. Designed with ❤️ by CloudSols.com

Type above and press Enter to search. Press Esc to cancel.

wpDiscuz