How to disable weak versions of SSL/TLS Protocols on Windows Servers

Hi, in this post, I want to show you how to disable the weak versions of the Transport Layer Security (TLS) and Secure Socket Layer (SSL) protocols using Windows PowerShell.

Surely, before disabling weak versions of SSL / TSL protocols, you will want to make sure that you can use the TLS 1.2 protocol on your system.

In the following table, you can see the protocols that are compatible with the Windows operating system.

WindowsVersion TLS/SSL

If your system is compatible with version TLS 1.2, verify that you have the following updates installed before making the change to your production web servers.

Enable TLS 1.2

To enable the TLS v1.2, open a Windows PowerShell command prompt as administrator and run the following commands:

Enable TLS 1.2

Once the TLS 1.2 protocol is enabled on your system, we can proceed to disable the weak versions of the SSL / TSL protocols.

Disabling SSL 2.0 and SSL 3.0

To disable the SSL v2.0, open a Windows PowerShell command prompt as administrator and run the following commands:

disable SSL/TLS

In the PowerShell console, run the following commands as an administrator to disable SSL v3.0:

disable SSL 3.0

Disabling TLS 1.0 and 1.1

To disable the TLS v1.0, open a Windows PowerShell command prompt as administrator and run the following commands:

disable SSL/TLS

and run the following commands to disable version 1.1 of TLS:

disable TLS 1.1

After executing the above steps, you must restart Windows server to fully apply the changes.

If you want to know why you should disable the weak versions of SSL / TSL protocols, check out this link: https://blogs.windows.com/msedgedev/2018/10/15/modernizing-tls-edge-ie11/#SsRVAXizzv1LkoUP.97