After the security audit, we disabled TLS 1.0 and TLS 1.1 on our Windows Server 2012 R2 (Azure cloud service) machines. After this change, we were not able to RDP to our cloud VMs. The following is the script that was used to disable TLS.

```
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\tls 1.0]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\tls 1.0\server]
"disabledbydefault"=dword:00000001
"enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\tls 1.1]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\tls 1.1\server]
"disabledbydefault"=dword:00000001
"enabled"=dword:00000000
```

AjItH V S

  • Disabling TLS 1.0 will break RDP under default settings. You may change the RDP Security Layer. To do this, please open Terminal Services Configuration (tsconfig.msc), double-click RDP-Tcp, and change Security Layer to RDP Security Layer. – Hackerman Oct 08 '18 at 17:18
  • @Hackerman This article says Open RDP security layer is vulnerable to **MITM** attack https://social.technet.microsoft.com/forums/en-us/d5b933f0-099c-405c-8e3c-5130d95c670d/rdp-does-not-work-after-disabling-tls-10 – AjItH V S Oct 09 '18 at 04:53
  • Yep, it also says that disabling TLS is not recommended for the same reason. – Hackerman Oct 09 '18 at 17:32

0 Answers
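
To see which state a server is actually in before or after importing the registry file above, the following read-only PowerShell check (an added example, not part of the original post or its comments) reports the server-side SCHANNEL setting for each TLS version and the security layer of the RDP-Tcp listener discussed in the comments. The RDP-Tcp registry path and the `SecurityLayer` and `UserAuthentication` value names are the standard Windows ones and do not appear in the post; the function name is hypothetical.

```powershell
# Added example: read-only audit, changes nothing. Run elevated on the server.
$schannel = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
$rdpTcp   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'

# Hypothetical helper: state of one protocol for the server role.
function Get-SchannelServerState {
    param([Parameter(Mandatory)][string]$Protocol)
    $props = Get-ItemProperty -Path "$schannel\$Protocol\Server" -ErrorAction SilentlyContinue
    # No key or no "Enabled" value means the OS default applies.
    if ($null -eq $props -or $null -eq $props.Enabled) { return 'OS default' }
    if ($props.Enabled -eq 0) { return 'Disabled' }
    return 'Enabled'
}

# Server-side SCHANNEL state for each protocol version.
$tls = foreach ($p in 'TLS 1.0', 'TLS 1.1', 'TLS 1.2') {
    [pscustomobject]@{ Protocol = $p; ServerState = Get-SchannelServerState -Protocol $p }
}
$tls | Format-Table -AutoSize | Out-Host

# RDP listener settings: 0 = RDP Security Layer, 1 = Negotiate, 2 = SSL (TLS).
$layerNames = @{ 0 = 'RDP Security Layer'; 1 = 'Negotiate'; 2 = 'SSL (TLS)' }
$rdp = Get-ItemProperty -Path $rdpTcp
if ($null -eq $rdp.SecurityLayer) {
    $layer = $null
    $layerText = 'not set'
} else {
    $layer = [int]$rdp.SecurityLayer
    $layerText = '{0} ({1})' -f $layer, $layerNames[$layer]
}
[pscustomobject]@{
    SecurityLayer = $layerText
    NlaRequired   = ($rdp.UserAuthentication -eq 1)
} | Format-List | Out-Host

# Flag the workaround from the comments: it takes TLS out of the RDP session.
if ($layer -eq 0) {
    Write-Warning 'RDP-Tcp uses RDP Security Layer: the session is not protected by TLS (the MITM concern raised in the comments).'
}
# Flag a configuration where no TLS version is left for the server role.
if (-not ($tls | Where-Object { $_.ServerState -ne 'Disabled' })) {
    Write-Warning 'TLS 1.0, 1.1 and 1.2 are all disabled for the server role; a TLS-secured RDP listener has nothing to negotiate.'
}
```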