0

How do I turn off SSL, TLS-1 support in Windows 7 to be in compliance with PCI standards? Also, I need to remove an SHA-1 certificate. I did some searching and found I can run the "MMC" tool, then add the the snap-in for certificates to see all of them, but I do not understand how they can be removed. Thanks in advance.

After reading some more, I see that some articles are suggesting that I add entries for SSL 1 through 3 and TLS 1 to the registry key

"HKLM>System>CurrentControlSet>Control>SecurityProviders>SCHANNEL>Protocols"

with a value of 0 which means disabled. This is outlined here link

Is it really that simple? I will back up registry first before attempting any changes, but wanted to get some insight from someone with some experience. Thanks in advance.

Cheers!

Improve this question
2
  • @Ramhound thanks, I am new to this. Here is the link to the article link
    – smallz_nbk
    Commented May 13, 2017 at 19:22
  • @Ramhound According to this client's PCI DSS scan through the company "Trustwave", SHA-1 is a vulnerability resulting in a FAIL grade. There is no webserver on this machine, so I am unsure what else to check besides the Windows OS
    – smallz_nbk
    Commented May 13, 2017 at 20:22

1 Answer 1

Reset to default
-1

It is. I was just going through this as well. If it's Win7, just make sure under the TLS 1.0 > Client (or Server depending what you're using is) key there is the following...

DWORD entry called DisabledByDefault = 1 DWORD entry called Enabled = 0

Improve this answer

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .