To disable legacy TLS (Transport Layer Security) protocols using IIS (Internet Information Services), you can follow these steps:
- Open Internet Information Services (IIS) Manager on your server.
- You can typically find it under “Windows Administrative Tools” in the Start menu.
- Expand the server node and select the website or application where you want to disable legacy TLS protocols.
- In the Features View, double-click on “SSL Settings” (under the IIS section).
- In the SSL Settings, uncheck the checkboxes for the legacy TLS versions you want to disable. The checkboxes are typically labeled as “TLS 1.0”, “TLS 1.1”, etc.
- Click “Apply” to save the changes.
By unchecking the checkboxes for the legacy TLS versions, you are instructing IIS to disallow connections using those protocols. This will force clients to use more secure TLS versions, such as TLS 1.2 or higher.
Note: Disabling legacy TLS versions may impact the compatibility of older clients or systems that rely on these protocols. Before disabling them, make sure your clients and applications support newer TLS versions. Additionally, it’s recommended to monitor your server logs and test your website or application thoroughly after making these changes to ensure everything is functioning as expected.
Should I disable TLS 1.0 and TLS 1.1 support on my web servers
https://learn.microsoft.com/en-us/security/engineering/disable-legacy-tls