Tuesday, September 15, 2020

Wednesday, September 2, 2020

Disable weak versions of SSL/TLS Protocols on Windows Server 2012 R2


Microsoft IIS: Disabling the SSL v3 Protocol

How to Enable TLS 1.2 as the Default Security Protocol on Windows Servers

How to disable weak versions of SSL/TLS Protocols on Windows Servers

Windows 2012 R2 ships with SSL 2.0, SSL 3.0, TLS 1.0, TLS 1.1 and TLS 1.2 by default. Keep only TLS 1.2 and disable the rest.


Run regedit.exe and navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\


SSL 2.0\Server\Enabled = 0 (Dword)

SSL 2.0\Client\DisabledByDefault  = 1 (Dword)

SSL 3.0\Server\Enabled = 0 (Dword)

SSL 3.0\Client\DisabledByDefault  = 1 (Dword)

TLS 1.0\Server\Enabled = 0 (Dword)

TLS 1.0\Client\DisabledByDefault  = 1 (Dword)

TLS 1.1\Server\Enabled = 0 (Dword)

TLS 1.1\Client\DisabledByDefault  = 1 (Dword)



Use https://www.ssllabs.com/ssltest/ to confirm the status.
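
The registry changes listed above can also be applied from a script, which then reads the values back so the result can be checked locally before running the external test. This is an added example, not part of the original post; it assumes an elevated PowerShell session, and the variable names are illustrative.

```powershell
# Added example (not from the original post). Run in an elevated PowerShell session.
$base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols'
$weak = 'SSL 2.0', 'SSL 3.0', 'TLS 1.0', 'TLS 1.1'

# The two values the post sets for every weak protocol.
$settings = @(
    @{ Role = 'Server'; Name = 'Enabled';           Value = 0 },
    @{ Role = 'Client'; Name = 'DisabledByDefault'; Value = 1 }
)

foreach ($proto in $weak) {
    foreach ($s in $settings) {
        $key = "$base\$proto\$($s.Role)"
        # The protocol subkeys may not exist yet; -Force creates missing parents.
        if (-not (Test-Path -Path $key)) {
            New-Item -Path $key -Force | Out-Null
        }
        New-ItemProperty -Path $key -Name $s.Name -Value $s.Value `
            -PropertyType DWord -Force | Out-Null
    }
}

# Read back what is now configured, including TLS 1.2 for comparison.
# '(not set)' means the value is absent and the OS default applies.
$report = foreach ($proto in ($weak + 'TLS 1.2')) {
    foreach ($s in $settings) {
        $key  = "$base\$proto\$($s.Role)"
        $item = Get-ItemProperty -Path $key -Name $s.Name -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Protocol = $proto
            Key      = "$($s.Role)\$($s.Name)"
            Value    = if ($null -ne $item) { $item.($s.Name) } else { '(not set)' }
        }
    }
}
$report | Format-Table -AutoSize
```

Restart the server before re-running the SSL Labs test, since Schannel picks up these protocol settings at startup.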