TLS 1.0

Enables or disables the use of TLS 1.0.

TLS 1.0 is largely still secure. When used with HTTP, it can almost be made secure with careful configuration. However, it may be required for backwards compatibility reasons.

Changing this setting will require a restart of the computer before the setting will take effect.


Supported on: At least Windows 2000
Enable Client-side TLS 1.0 (eg., Internet Explorer)
Enable policy:
Registry PathValue NameValue TypeValue
SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\ClientEnabledREG_DWORD1
SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\ClientDisabledByDefaultREG_DWORD0
Disable policy:
Registry PathValue NameValue TypeValue
SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\ClientEnabledREG_DWORD0
SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\ClientDisabledByDefaultREG_DWORD1
Enable Server-side TLS 1.0 (eg., IIS)
Enable policy:
Registry PathValue NameValue TypeValue
SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\ServerEnabledREG_DWORD1
SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\ServerDisabledByDefaultREG_DWORD0
Disable policy:
Registry PathValue NameValue TypeValue
SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\ServerEnabledREG_DWORD0
SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\ServerDisabledByDefaultREG_DWORD1

schannel.admx