Ensure TLS 1.0 protocol is disabledID: oval:org.secpod.oval:def:54848 | Date: (C)2019-05-17 (M)2023-07-04 |
Class: COMPLIANCE | Family: windows |
This policy setting determines whether TLS 1.0 protocol is disabled. TLS 1.0 has several flaws. An attacker can cause connection failures and they can trigger the use of TLS 1.0 to exploit vulnerabilities like BEAST (Browser Exploit Against SSL/TLS).
Counter Measure:
Configure this setting to disable TLS 1.0.
Potential Impact:
Disabling TLS 1.0 will block server access from a number of browsers and operating systems.
Fix:
(1) REG: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server!Enabled
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client!Enabled
Platform: |
Microsoft Windows Server 2016 |