AnsweredAssumed Answered

TLSv1.0- how to disable? should I disable?

Question asked by Eric Dean on Jun 4, 2015
Latest reply on Sep 21, 2016 by Rob Moss

I'm showing that we're out of PCI compliance due to TLSv1.0 being supported by our IIS server. I have already disabled SSLv3. According to my research, older browsers will be affected if TLS1.0 is disabled, most importantly, the still supported Vista, with any flavor of IE, even supported ones (because I don't see that you can turn on TLS 1.1 and 1.2 in Vista.)

 

My main question is, should this be disabled server side, and if so, how to turn off TLSv1.0 on IIS 8, windows server 2012? Turning off SSLv3 was very straightforward, not seeing a lot out there for disabling TLSv1.0.

 

Any help would be greatly appreciated, I'm not an internet security expert.

 

A Qualys SSL labs scan shows that TLSv1.0, 1.1 and 1.2 are enabled. Interestingly enough, if I run a scan against the website for the company that runs our PCI compliance scan, they have TLSv1.0 turned on for their website!!! Had to laugh at that one.

Outcomes