AlbertAshkhatoyan-9438 asked FanFan-MSFT commented

Windows Server 2022 TLS 1.3

I want to remove all old TLS versions and use only TLS 1.3.
I disabled TLS 1.0, 1.2, 1.1 and the ciphers that support them, but when checking with Wireshark it is still using both versions, 1.2 and 1.3.
Can somebody tell me whether this is possible and, if yes, how I can do it?
Thanks in advance!
P.S.
I'm using Windows Server 2022.

FanFan-MSFT answered AlbertAshkhatoyan-9438 commented

Hi,

Based on my research, there are 2 situations when TLS is disabled:

Disabled by default: unless the SSPI caller explicitly requests this protocol version using the deprecated SCHANNEL_CRED structure, Schannel SSP will not negotiate this protocol version.

Disabled: Schannel SSP will not negotiate this protocol version regardless of the settings the SSPI caller may specify.

They can be defined according to your requirements:
https://docs.microsoft.com/en-us/windows-server/security/tls/tls-registry-settings

Best Regards,
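
The two states described in this answer correspond to the `Enabled` and `DisabledByDefault` DWORD values documented on the linked TLS registry settings page. The following read-only audit is an added example, not part of the original thread; the helper function names are hypothetical, and it goes slightly beyond the answer by also reporting protocols that have no registry configuration at all.

```powershell
# Added example (not from the original thread): read-only report of the
# Schannel protocol settings. Function names are hypothetical.
$base      = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
$protocols = 'TLS 1.0', 'TLS 1.1', 'TLS 1.2', 'TLS 1.3'
$roles     = 'Client', 'Server'

function Get-DwordOrNull {
    param([string]$Key, [string]$Name)
    # A missing key and a missing value both mean "not configured".
    if (-not (Test-Path -LiteralPath $Key)) { return $null }
    return (Get-Item -LiteralPath $Key).GetValue($Name, $null)
}

function Get-SchannelProtocolState {
    param([string]$Protocol, [string]$Role)
    $key     = "$base\$Protocol\$Role"
    $enabled = Get-DwordOrNull -Key $key -Name 'Enabled'
    $dbd     = Get-DwordOrNull -Key $key -Name 'DisabledByDefault'

    if ($enabled -eq 0) {
        # Never negotiated, whatever the SSPI caller specifies.
        $state = 'Disabled'
    } elseif ($dbd -eq 1) {
        # Negotiated only when the SSPI caller explicitly requests it.
        $state = 'Disabled by default'
    } elseif ($null -eq $enabled -and $null -eq $dbd) {
        $state = 'Not configured (OS default applies)'
    } else {
        $state = 'Enabled'
    }

    [pscustomobject]@{
        Protocol          = $Protocol
        Role              = $Role
        Enabled           = $enabled
        DisabledByDefault = $dbd
        State             = $state
    }
}

# One row per protocol and role, so Client and Server can be compared.
$report = foreach ($p in $protocols) {
    foreach ($r in $roles) { Get-SchannelProtocolState -Protocol $p -Role $r }
}
$report | Format-Table -AutoSize
```

The script reports registry configuration only. Applications that ship their own TLS library instead of using Schannel are not governed by these keys.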


[Screenshot: tls-error.jpg]

I used the documentation, but the TLS 1.2 connection still exists.

FanFan-MSFT answered FanFan-MSFT commented

Hi,

Try to set the value as shown in the following screenshot to disable TLS 1.2.
[Screenshot: 7272.jpg]



Hi,
Thank you for the answer!
[Screenshot: tls-erro-2.jpg]

The same. I tried everything possible, but no result :(
I need to block requests with TLS 1.2 (as client and as server).

FanFan-MSFT to AlbertAshkhatoyan-9438:

Hi,
I will do more research about it.
If there is any progress, I will update here!

Best Regards,
