Enable/Disable SSL/TLS versions via Registry Editor

    Applies to:
  • Legacy SecureAuth IdP
Deployment model:
  • On Premises
  • SecureAuth version affected: All

    Description:

    SSL/TLS protocol versions may need to be enabled or disabled at various points in a server's lifespan because of environmental factors or restrictions.

    Cause:

    TLS versions may be turned off as part of server security hardening or cipher/protocol lockdowns.

    Resolution:

    Enable or disable TLS/SSL as needed.

     

    1. Open up regedit.exe and navigate to the key location provided:
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols

    2. Once here, expand Protocols. There will be the following:


    3. To disable or enable a protocol, expand Server or Client, whichever you want to change, and set the value to one of the following:

      Binary:
      0 - off
      1 - on

      Hexadecimal:
      0x00000000 - off
      0xffffffff - on (4294967295)
    4. For example, to disable TLS 1.0 on the server side, set DisabledByDefault to 1 and Enabled to 0. Both are DWORD values.

    5. Once the respective changes are made, restart the server for the registry changes to take effect.
    6. The screenshot below shows TLS 1.2 Enabled for Server communication. 
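
    The same procedure scripted in PowerShell, as an added example that is not part of the original article or SecureAuth's own tooling. The function names are hypothetical, and the subkey layout (a protocol name such as 'TLS 1.0' containing Server and Client subkeys) is assumed to follow the key location given in step 1. Run from an elevated session.

```powershell
# Added example: audit and set SCHANNEL protocol state under the key from step 1.
$Base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'

function Get-SchannelProtocolState {
    # Lists every Protocol\Role subkey present with its two DWORD values.
    # An empty column means the value is not set, so the OS default applies.
    Get-ChildItem -Path $Base -ErrorAction SilentlyContinue | ForEach-Object {
        $protocol = $_.PSChildName
        Get-ChildItem -Path $_.PSPath | ForEach-Object {
            $v = Get-ItemProperty -Path $_.PSPath
            [pscustomobject]@{
                Protocol          = $protocol
                Role              = $_.PSChildName
                Enabled           = $v.Enabled
                DisabledByDefault = $v.DisabledByDefault
            }
        }
    }
}

function Set-SchannelProtocol {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$Protocol,   # e.g. 'TLS 1.0'
        [Parameter(Mandatory)][ValidateSet('Server', 'Client')][string]$Role,
        [Parameter(Mandatory)][bool]$Enable
    )
    $key = Join-Path (Join-Path $Base $Protocol) $Role
    # Off = Enabled 0 / DisabledByDefault 1 (step 4); on is assumed to be the reverse.
    $values = @{
        Enabled           = [int]$Enable
        DisabledByDefault = [int](-not $Enable)
    }
    $action = "Set Enabled=$($values.Enabled), DisabledByDefault=$($values.DisabledByDefault)"
    if ($PSCmdlet.ShouldProcess($key, $action)) {
        # Create the Protocol\Role key if hardening has never touched it before.
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        foreach ($name in $values.Keys) {
            New-ItemProperty -Path $key -Name $name -Value $values[$name] `
                -PropertyType DWord -Force | Out-Null
        }
    }
}

# Review the current state, then preview the TLS 1.0 server-side change from step 4.
Get-SchannelProtocolState | Format-Table -AutoSize
Set-SchannelProtocol -Protocol 'TLS 1.0' -Role Server -Enable $false -WhatIf
```

    Remove -WhatIf to write the values, then restart the server as in step 5 and run Get-SchannelProtocolState again to confirm the result.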

    Comments

    1 comment
    • Thanks Justin,
      But we know how to do this,

      But "can" we eliminate TLS 1.1 with SA SSO without affecting our end clients?

      Ron