{"id":940,"date":"2018-07-26T15:03:32","date_gmt":"2018-07-26T13:03:32","guid":{"rendered":"https:\/\/www.em-soft.si\/myblog\/elvis\/?p=940"},"modified":"2018-07-26T15:03:32","modified_gmt":"2018-07-26T13:03:32","slug":"disable-tls-1-0-thru-gpo","status":"publish","type":"post","link":"https:\/\/em-soft.si\/myblog\/elvis\/?p=940","title":{"rendered":"Disable TLS 1.0 thru GPO"},"content":{"rendered":"

Lately I had a lot of problems with TLS 1.0 standards, which have changed. For a lot of secure applications you have to disable TLS 1.0, if you want the connection to work.
\nWell, set settings for any user it makes no sense and the only acceptable way it is thru GPO settings. There is no real setting for change-enabled protocol (you have to do it in Internet Explorer settings). The only way I found was changing the registry value of SecuredProtocol<\/strong>, located in HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings<\/em><\/strong> and HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings<\/em><\/strong>.
\nBut here is only a numerical value and I had to find how is it calculated. I found some values in an article<\/a> and from here you can calculate the desired value. The basic numbers are:
\n0 = Do not use secure protocols
\n2 = PCT 1.0
\n8 = SSL 2.0
\n32 = SSL 3.0
\n128 = TLS 1.0
\n512 = TLS 1.1
\n2048 = TLS 1.2
\nIf you want to enable more protocols, just sum the desired numbers. For example, to enable TLS 1.1, TLS 1.2 and SSL 3.0 is 512 + 2048 + 32 = 2592. This is a decimal value for a registry key SecuredProtocol<\/strong>. Deploy a registry value true GPO and the setting is done.<\/p>\n","protected":false},"excerpt":{"rendered":"

Lately I had a lot of problems with TLS 1.0 standards, which have changed. For a lot of secure applications you have to disable TLS 1.0, if you want the connection to work. Well, set settings for any user it makes no sense and the only acceptable way it is thru GPO settings. There is […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[13,15],"tags":[39,34,40],"class_list":["post-940","post","type-post","status-publish","format-standard","hentry","category-windows","category-windows-server","tag-windows","tag-windows-10","tag-windows-server"],"jetpack_featured_media_url":"","_links":{"self":[{"href":"https:\/\/em-soft.si\/myblog\/elvis\/index.php?rest_route=\/wp\/v2\/posts\/940","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/em-soft.si\/myblog\/elvis\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/em-soft.si\/myblog\/elvis\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/em-soft.si\/myblog\/elvis\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/em-soft.si\/myblog\/elvis\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=940"}],"version-history":[{"count":1,"href":"https:\/\/em-soft.si\/myblog\/elvis\/index.php?rest_route=\/wp\/v2\/posts\/940\/revisions"}],"predecessor-version":[{"id":941,"href":"https:\/\/em-soft.si\/myblog\/elvis\/index.php?rest_route=\/wp\/v2\/posts\/940\/revisions\/941"}],"wp:attachment":[{"href":"https:\/\/em-soft.si\/myblog\/elvis\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=940"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/em-soft.si\/myblog\/elvis\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=940"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/em-soft.si\/myblog\/elvis\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=940"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}