Course Content

Total learning: 21 lessons Time: 2 hours

Disable All Protocols Other Than TLS 1.2

If you wish to force all traffic to use the TLS 1.2 protocol and disable other, older, protocols, please follow these steps.  Note, this is required on ALL servers if the desire is to disable all protocols other than TLS 1.2.

 Adjust the TLS Settings

To easily enable or disable different Server Protocols, we recommend the use of a 3rd party tool called IIS Crypto (download).

1. Run “IISCrypto.exe” as administrator

2. Click: Schannel

3. Click: Best Practices

4. Un-check “TLS 1.0” and “TLS 1.1” in Protocols

5. Click “Apply

6. Reboot Server

7. Repeat previous steps on the Database Server and all Mediasite servers

If you do not wish to use IIS Crypto, alternate instructions can be found on Microsoft’s website.

Use Window PowerShell to check what Ciphers are enabled on your system

Use the PowerShell cmdlet Get-TlsCipherSuite to get the list of TLS cipher suites for a computer. https://docs.microsoft.com/en-us/powershell/module/tls/get-tlsciphersuite?view=win10-ps

1. Open Windows PowerShell as Administrator.

2. Run the command: Get-TlsCipherSuite

3. Output will be all enabled TLS cipher suites

4. Optional: To get a more user friendly list of the enabled ciphers, add the following parameters to the cmdlet by running the command: Get-TlsCipherSuite | ft name,certificate,cipherlength

Was this Information helpful?