How to disable TLS 1.0 without breaking RDP

Published on Author JFLeave a comment

PCI DSS 3.1 can be a bear, especially when you’re running a variety of Microsoft Windows Servers, particularly Windows 2008 R2 (links to support cycle).

If you turned off TLS 1.0 you could potentially lock yourself out of RDP, forcing you to physically connect to the machine. If you were running it on a Hyper V or other virtual machine system you could access in that manner.

Microsoft was very much behind the ball in supporting these configurations, but finally go on the ball by supporting these configurations in IE, MS SQL, and varieties of Windows, both desktop and server versions.

Here’s the KB to install¬†before disabling TLS 1.0¬†https://support.microsoft.com/en-us/kb/3080079

While we’re at it, here’s the best free tool for configuring the correct PCI DSS settings on Windows Servers: IIS Crypto by Nartac. They do update it frequently to make lives easier, so if you haven’t looked at it in a while I’d recommend you get the new version and run it on your servers. Just remember to reboot.

 

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.