/How to Disable TLS 1.0 on Windows

How to Disable TLS 1.0 on Windows

We just got notified by our security department that they want us to disable TLS 1.0 for the remote desktop connection because it’s not considered secure. In order to disable TLS 1.0, you need to modify the registry. The registry key is not there by default. You will have to create new keys for it. If you want to create it manually, here are the steps.

  1. Run regedit as Administrator
  2. Browse to
    Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\
  3. Right click on Protocols and select New -> Key
  4. Rename the new key TLS 1.0
  5. Right click on TLS 1.0 and select New -> Key
  6. Rename the new key Server
  7. Right click on the Server and select New -> DWORD (32bit) Value
  8. Rename the value Enabled

When you are done, it would be like this screenshot.

If you have a lot of machines to change, I’d recommend using a group policy object to deploy the registry to all the computers.