I want to disable some weak cipher suites in Windows but TLS 1.2 is not so vulnerable and I don't want to cause any other problem in the server, so I just want to disable them for TLS 1.0 and 1.1.
Disable-TlsCipherSuite command works but disables a cipher suite for all TLS versions.
Asked
Active
Viewed 4,123 times
2
Sahin
- 119
- 1
- 5
-
3I don't think this is possible – Steffen Ullrich May 25 '22 at 07:34
1 Answers
3
Weak cipher suites should be disabled regardless of SSL/TLS version.
Also, yes: disabling versions of SSL/TLS older than TLS 1.2 is highly recommended.
IIS Crypto is a very useful free tool that will assist with disabling less secure protocols and cipher suites. See https://www.nartac.com/Products/IISCrypto/. Note: I am not in any way affiliated with Nartac Software. Simply recommending a GUI/command line tool that has proven to be very helpful.
SamErde
- 3,409
- 3
- 24
- 44